
Re: Windows 2000 and Cisco router interoperability



Dan Harkins wrote:
> 
>   Since when is implementation of Mode Config (or XAUTH) necessary
> to be appropriate for remote access? Actually, Win2K seems to be
> using _standard protocols_ (IPSec-- err, IPsec, L2TP, PPP) to
> solve the problem. Imagine that.
> 
>   Dan.

I said "IMHO, an assigned virtual IP address is mandatory for remote
access applications". Given that opinion, Mode Config is currently
the most commonly implemented mechanism _within_ IPSEC that passes an
IP address to a remote access client. (I know IPSRA is working on
_new_ mechanisms but few, if any, of those mechanisms are implemented).

L2TP over IPSEC also provides this functionality. I personally consider
L2TP+PPP overkill just to pass down an IP address to a remote client
so I have favored IPSEC with Mode Config instead of L2TP/PPP over IPSEC.
Mode Config is dead in the IETF but many vendors, including your
former employer, are shipping Mode Config to provide remote access
over IPSEC without the overhead of L2TP. Hopefully, IPSRA will define
a new mechanism (DHCP?) that also transmits client configuration without
the overhead of a full L2TP and PPP stack.

-Ben McCann

-- 
Ben McCann                              Indus River Networks
                                        31 Nagog Park
                                        Acton, MA, 01720
email: bmccann@indusriver.com           web: www.indusriver.com 
phone: (978) 266-8140                   fax: (978) 266-8111

