
RE: Modefg considered harmful





> -----Original Message-----
> From: Darren Dukes [mailto:ddukes@cisco.com]
> Sent: Tuesday, 4 February 2003 16:42
> To: Van Aken Dirk; Michael Richardson; ipsec@lists.tislabs.com
> Cc: Scott G. Kelly
> Subject: RE: Modefg considered harmful 
> 
> 
> Actually with this scenario a DHCP relay within the RemoteOfficeLAN instead
> of on the SmallIPsecGW would likely be the implementation of choice.
> RFC3456 does not say anything about the relay being on the inside LAN
> interface, only the interface terminating IKE-SAs so I don't think it could
> be applied to this scenario.

Hi Darren,

The point I wanted to make was that probably NetAdmins are already using
DHCP in one form or another.

> 
> Regarding your comments about modecfg, there is no need for an address pool
> on the LargeIPsecGW since it could act as a DHCP-client when it receives
> modecfg requests from an IRAC instead of having its ipsec engine sniffing
> for inbound DHCP packets and forwarding them to the internal DHCP relay.
> 
> Darren.
> 
> PS - I know you don't like the idea of dhcp to modecfg conversion by the
> LargeIPsecGW.

At least we agree on this point ;-)