Re: I-D ACTION:draft-ietf-ipsec-udp-encaps-05.txt



On Mon, 2002-12-23 at 06:55, Internet-Drafts@ietf.org wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IP Security Protocol Working Group of the IETF.
> 
> 	Title		: UDP Encapsulation of IPsec Packets
> 	Author(s)	: A. Huttunen et al.
> 	Filename	: draft-ietf-ipsec-udp-encaps-05.txt
> 	Pages		: 0
> 	Date		: 2002-12-20

This may be a typo, but the second paragraph of the introduction
states:  "It is up to the need of the clients whether transport mode or
tunnel mode is to be supported. L2TP/IPsec clients MUST support
transport mode since [RFC 3193] defines that L2TP/IPsec MUST use
transport mode], and IPsec tunnel mode clients MUST support tunnel
mode."  Note that RFC 3193 does not, in fact, require the use of
transport mode with L2TP, just that implementations support transport
mode.  (RFC 3193 section 2.1)  This is sort of cleared up in the next
sentence, but the wording should probably be fixed.

FWIW, this is a bit of a sore spot with me.  We regularly use L2TP over
tunnel mode due to separation of the l2tp server from the IPSEC
concentrator.  This creates problems on the client side (Windows users
in particular) due to dumb client implementations.  

 -sd