[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec - Mobile IP users...



At the expense of sounding anal, I would prefer that we not use the terminology
mobile users. IPSec cannot really solve the mobility problem, but it can solve
the "portability" problem. The distinction here is that the mobile 
infrastructure must provide smooth (or fast) hand-off, and this is not within
IPSec's charter.

If we are talking about Mobile IP, a mobile node must communicate with a foreign
agent (or be co-located, which means that it acts as both a mobile node AND a
foreign agent). You can view the foreign agent as some form of gateway. 

If we are talking about PPP links, then the dial-up user must dial into a PPP
server, also known as a Network Access Server (NAS).

PatC
>
>Hello,
>
>
>I have some questions re: IPSec wrt. to mobile users.
>
>1) Do mobile users need IKE and DHCP to use IPSec ?  whats the general
>consensus
>    by customers ?
>
>2) (a)  When mobile users login, they normally dial-in to a Gateway.
>Does IPSec need to be
>    enabled and used between the Gateway and the mobile user ?  If so,
>it is always in transport mode of
>    IPSec ?
>
>     (b)  Does the mobile user need to have two IPSec Sessions - one to
>the Gateway and other to the
>            end (destination/termination) host ?  If so, can Sessions be
>of tunnel mode ?
>
>3) Any documents/website/ pointers on information on IPSec wrt. mobile
>users ?
>
>Thank you.
>
>Sunil.
>
>