
RE: Windows 2000 and Cisco router interoperability



Ben McCann [mailto://bmccann@indusriver.com] writes:

> Dan Harkins wrote:
> > 
> >   Since when is implementation of Mode Config (or XAUTH) necessary
> > to be appropriate for remote access? Actually, Win2K seems to be
> > using _standard protocols_ (IPSec-- err, IPsec, L2TP, PPP) to
> > solve the problem. Imagine that.
> > 
> >   Dan.
> 
> I said "IMHO, an assigned virtual IP address is mandatory for remote
> access applications". Given that opinion, Mode Config is currently
> the most commonly implemented mechanism _within_ IPSEC that passes an
> IP address to a remote access client. (I know IPSRA is working on
> _new_ mechanisms but few, if any, of those mechanisms are implemented).
> 
> L2TP over IPSEC also provides this functionality. I personally consider
> L2TP+PPP overkill just to pass down an IP address to a remote client
> so I have favored IPSEC with Mode Config instead of L2TP/PPP over IPSEC.

L2TP does far more than 'just pass down an IP address to a remote client'.

> Mode Config is dead in the IETF but many vendors, including your
> former employer, 

Dan's former employer is my current employer.  

> are shipping Mode Config 

I consider Mode Config to be rather misbegotten.

> to provide remote access
> over IPSEC without the overhead of L2TP. 

What overhead are you talking about?  Network overhead or processing?

> Hopefully, IPSRA will define
> a new mechanism (DHCP?) that also transmits client configuration without
> the overhead of a full L2TP and PPP stack.
> 
> -Ben McCann
> 
> -- 
> Ben McCann                              Indus River Networks
>                                         31 Nagog Park
>                                         Acton, MA, 01720
> email: bmccann@indusriver.com           web: www.indusriver.com 
> phone: (978) 266-8140                   fax: (978) 266-8111
> 
> 

