[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modefg considered harmful

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: Modefg considered harmful
From: "Scott G. Kelly" <scott@bstormnetworks.com>
Date: Mon, 03 Feb 2003 15:08:03 -0800
CC: ipsec@lists.tislabs.com
Organization: BlackStorm Networks
References: <200302032041.h13KffGB008685@marajade.sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com

Michael Richardson wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> >>>>> "Van" == Van Aken Dirk <VanAkenD@thmulti.com> writes:
>     Van> Have you thought about following situation ?
> 
>     Van> RemoteOfficeLAN-----SmallIPSecGW-----LargeIPSecGW-----CentralOfficeLAN
> 
>     Van> Following parameters are configured on the SmallIPSecGW:
> 
>   This is out of scope.

Why is this out of scope? This is a common remote access scenario for
deployments utilizing personal sgw's at the remote end.

>   SmallIPsecGW should run a DHCP relay, and tunnel the packets through the
> VPN to the CentralOfficeLAN's DHCP server.

Yes, a la RFC3456. This is one of the remote access applications which
makes the dhcp approach so attractive.

Scott

Follow-Ups:
- Re: Modefg considered harmful
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: Modefg considered harmful
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Revised identity, again
Next by Date: Re: Modefg considered harmful
Prev by thread: Re: Modefg considered harmful
Next by thread: Re: Modefg considered harmful
Index(es):
- Date
- Thread