
RE: comments on VPN framework document




	>I see the same motivation driving the idea of allowing a remote
	>host's IP address and DNS server to be configured via ISAKMP, 
	>rather than requiring PPP-IPCP or DHCP as well. 

	Foisting lots of unrelated functionality onto a key management
	protocol is a supremely bad idea.  Initial configuration is
	a specialized task that DHCP was designed to solve.  Given
	that it has taken quite a while to converge dialup and LAN
	configuration (via DHCP-Inform), the last thing we need is
	to create yet another configuration mechanism. 


Routers are explicitly prohibited from being DHCP clients.
The same logic should apply to security gateways.
There is no current configuration mechanism that works without
some tweaking.


Raouf Eldeeb                         E-mail: rledeeb@hifn.com
Hi/fn                                        Tel: (408) 399-3578