[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Windows 2000 and Cicsco router interoperability
Ben McCann {mailto://bmccann@indusriver.com] writes:
> Dan Harkins wrote:
> >
> > Since when is implementation of Mode Config (or XAUTH) necessary
> > to be appropriate for remote access? Actually, Win2K seems to be
> > using _standard protocols_ (IPSec-- err, IPsec, L2TP, PPP) to
> > solve the problem. Imagine that.
> >
> > Dan.
>
> I said "IMHO, an assigned virtual IP address is mandatory for remote
> access applications". Given that opinion, Mode Config is currently
> the most commonly implemented mechanism _within_ IPSEC that passes an
> IP address to a remote access client. (I know IPSRA is working on
> _new_ mechanisms but few, if any, of those mechanisms are implemented).
>
> L2TP over IPSEC also provides this functionality. I personally consider
> L2TP+PPP overkill just to pass down an IP address to a remote client
> so I have favored IPSEC with Mode Config instead of L2TP/PPP over IPSEC.
L2TP does far more than 'just pass down an IP address to a remote client'.
> Mode Config is dead in the IETF but many vendors, including your
> former employer,
Dan's former employer is my current employer.
> are shipping Mode Config
I consider Mode Config to be rather misbegotten.
> to provide remote access
> over IPSEC without the overhead of L2TP.
What overhead are you talking about? Network overhead or processing?
> Hopefully, IPSRA will define
> a new mechanism (DHCP?) that also transmits client configuration without
> the overhead of a full L2TP and PPP stack.
>
> -Ben McCann
>
> --
> Ben McCann Indus River Networks
> 31 Nagog Park
> Acton, MA, 01720
> email: bmccann@indusriver.com web: www.indusriver.com
> phone: (978) 266-8140 fax: (978) 266-8111
>
>
Follow-Ups:
References: