Re: IPSEC tunnels for LAN-to-LAN interop issue
Yes, what I think people want today for Security Gateways is VPN
tunnel portals, with pre-defined point-to-point links. That's why
we're going to see a lot of IP over PPP over L2TP over IPSec
transport.
PPP also addresses the link-up detection issue. Use echo request and
reply, or full LQM. (Or trust OSPF hellos to detect what matters.)
This won't address the issue of a Security Gateway at company A that
wants to let host 2 at company B access host 1 in company A. But I
think that involves many unsolved policy issues. (How do I know I
should trust host 2? What if company B wants to keep the trustedness
of host 2 a secret? What if company A wants to keep the accessibility
of host 1 a secret from everyone but company B? Nightmare...)