[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: comments on VPN framework document
>I see the same motivation driving the idea of allowing a remote
>host's IP address and DNS server to be configured via ISAKMP,
>rather than requiring PPP-IPCP or DHCP as well.
Foisting lots of unrelated functionality onto a key management
protocol is a supremely bad idea. Initial configuration is
a specialized task that DHCP was designed to solve. Given
that it has taken quite a while to converge dialup and LAN
configuration (via DHCP-Inform), the last thing we need is
to create yet another configuration mechanism.
Routers are explicitly prohibited from being DHCP clients
The same logic should apply to security gateways.
There is no current configuration mechanism that works without
some tweaking
Raouf Eldeeb E-mail: rledeeb@hifn.com
Hi/fn Tel: (408) 399-3578