Re: Modefg considered harmful



Hi Darren,

Darren Dukes wrote:
> 
> Actually with this scenario a DHCP relay within the RemoteOfficeLAN instead
> of on the SmallIPsecGW would likely be the implementation of choice.
> RFC3456 does not say anything about the relay being on the inside LAN
> interface, only the interface terminating IKE-SAs so I don't think it could
> be applied to this scenario.

Actually, you could either relay from the inside of the remote lan
alone, or from there *and* from the head-end sgw. The benefit of the
second configuration would be that in such cases, the remote lan need
not be aware of the IP address of the dhcp relay destination. In any
event, the tunnel must either support 0/0 selectors, or there must be a
separate tunnel for the dhcp packets. 

You are correct that the rfc does not explicitly call out this
configuration. It probably should.

Scott