[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on VPN framework document
>I see the same motivation driving the idea of allowing a remote
>host's IP address and DNS server to be configured via ISAKMP,
>rather than requiring PPP-IPCP or DHCP as well.
Foisting lots of unrelated functionality onto a key management
protocol is a supremely bad idea. Initial configuration is
a specialized task that DHCP was designed to solve. Given
that it has taken quite a while to converge dialup and LAN
configuration (via DHCP-Inform), the last thing we need is
to create yet another configuration mechanism.