[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Modefg considered harmful
> -----Original Message-----
> From: Darren Dukes [mailto:ddukes@cisco.com]
> Sent: dinsdag 4 februari 2003 16:42
> To: Van Aken Dirk; Michael Richardson; ipsec@lists.tislabs.com
> Cc: Scott G. Kelly
> Subject: RE: Modefg considered harmful
>
>
> Actually with this scenario a DHCP relay within the
> RemoteOfficeLAN instead
> of on the SmallIPsecGW would likely be the implementation of choice.
> RFC3456 does not say anything about the relay being on the inside LAN
> interface, only the interface terminating IKE-SAs so I don't
> think it could
> be applied to this scenario.
Hi Darren,
The point I wanted to make was that probably NetAdmins are already using
DHCP in one form or another.
>
> Regarding your comments about modecfg, there is no need for
> an address pool
> on the LargeIPsecGW since it could act as a DHCP-client when
> it receives
> modecfg requests from an IRAC instead of having its ipsec
> engine sniffing
> for inbound DHCP packets and forwarding them to the internal
> DHCP relay.
>
> Darren.
>
> PS - I know you don't like the idea of dhcp to modecfg
> conversion by the
> LargeIPsecGW.
At least we agree on this point ;-)