
Re: Bridging non-IP traffic over IPSec



Well, GRE is an Informational RFC, so GRE is not likely to be part of
an IETF Proposed Standard solution.  But, if you do it, you sure will
be interoperable with Cisco...

Certainly, it will work, and you can express GRE in the SPD.  But, the
SPD (and IKE negotiation) can't really negotiate what goes over the
GRE.  Is IP allowed over it?  IPX?  Transparent bridging?

One thing that is standards track, and people have been implementing,
is L2TP.  Put PPP over that, and then you have a place to run non-IP
traffic.

Again, the SPD can't really control what goes over.  But, you can
express the L2TP UDP port in the SPD.

As above, you will be interoperable with Cisco.

Also, with PPP over L2F, there's some way to automate some of the
configuration for the protocol that runs over IP, say assign an IPX
network number.

Of course, you're building an NBMA network, then you have to decide on
the model (network addressing, broadcast, routing) that you're going
to run on top of it.


Then there's reality.  If Windows 2000 only has PPTP (not L2TP), then
that's going to be very popular, even though it's only an
Informational RFC...

Is it useful to interoperate with Microsoft?  (Where do you want to go
today?)
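
The point made in the message above, that the SPD can select GRE or the L2TP UDP port but not what is carried inside the tunnel, as an added example that is not part of the original post. The SPD entries, selector model, addresses and packets are simplified and constructed for illustration.

```python
import socket
import struct

GRE, UDP, L2TP_PORT = 47, 17, 1701   # IP protocol numbers and the L2TP UDP port
INNER = {"IP": 0x0800, "IPX": 0x8137, "Transparent bridging": 0x6558}

# Hypothetical SPD: selectors see only the outer next-protocol and UDP port.
SPD = [
    {"proto": GRE, "dport": None, "action": "PROTECT"},
    {"proto": UDP, "dport": L2TP_PORT, "action": "PROTECT"},
    {"proto": None, "dport": None, "action": "DISCARD"},
]

def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Constructed IPv4 packet (checksum left at 0, irrelevant here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre(ethertype, inner=b"\x00" * 8):
    """Basic GRE header: flags/version word, then the inner protocol type."""
    return struct.pack("!HH", 0, ethertype) + inner

def udp(dport, sport=1701, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def selectors(packet):
    """The fields a selector-based SPD lookup can use: protocol and port."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] if proto == UDP else None
    return proto, dport

def spd_lookup(packet):
    proto, dport = selectors(packet)
    for entry in SPD:
        if entry["proto"] in (None, proto) and entry["dport"] in (None, dport):
            return entry["action"]

def gre_inner(packet):
    """What the tunnel carries; visible in the GRE header, not to the SPD."""
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def demo():
    return [(name, spd_lookup(ipv4(GRE, gre(et)))) for name, et in INNER.items()]

if __name__ == "__main__":
    for name, action in demo():
        print(f"GRE carrying {name}: {action}")
```

Every GRE packet matches the same SPD entry whatever its inner protocol type, so any restriction on what rides inside the tunnel has to be enforced at the tunnel endpoint itself.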

