
Re: multiple phase 1 tunnel and proxy ID issues



Roy Pereira <rpereira@TimeStep.com> wrote:
> For a mobile client, its phase 1 ID will be something like an email
> address since its IP address is not static.

It's perfectly valid for a mobile client to have a static IP address.

Here, you would have something along the lines of a router (almost a
NAT) which the mobile client sits behind. The client comes in from
wherever, presents its credentials to the re-router and sets up an
encrypted tunnel for the "final hop" in the route to the static address.
This is a bit different from a NAT because the client knows about two IP
addresses, its dynamic address and its static address.

The dynamic address may be fine for transient things like browsing; the
static address is more useful for long-term activities. [For efficiency
reasons, you may want policy based routing in the client.]

Of course it's possible to have a mobile client which doesn't have a
long-term identity, or maybe this functionality doesn't show up on the
mass-market, but it's quite feasible.  

-- 
Raul

