[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Modefg considered harmful
Michael Richardson wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> >>>>> "Van" == Van Aken Dirk <VanAkenD@thmulti.com> writes:
> Van> Have you thought about following situation ?
>
> Van> RemoteOfficeLAN-----SmallIPSecGW-----LargeIPSecGW-----CentralOfficeLAN
>
> Van> Following parameters are configured on the SmallIPSecGW:
>
> This is out of scope.
Why is this out of scope? This is a common remote access scenario for
deployments utilizing personal sgw's at the remote end.
> SmallIPsecGW should run a DHCP relay, and tunnel the packets through the
> VPN to the CentralOfficeLAN's DHCP server.
Yes, a la RFC3456. This is one of the remote access applications which
makes the dhcp approach so attractive.
Scott