
typical IPsec-based VPNs incl. modecfg vs. DHCP



I have a few clarifications regarding usage of IPsec for VPNs. I have even been going through the thread of Modecfg vs. DHCP and seem a little confused regarding the functionality.

- Does this particular debate of Modecfg vs. DHCP relate only to remote access scenarios, or does it extend to address management for site-to-site VPNs? I would distinguish the 2 using the following definitions: One tunnel per machine and address to be given out (whichever way - modecfg or DHCP) at tunnel setup time would be Remote Access. Site-to-site would be that the tunnel is set up a priori between 2 gateways and both sides would be different private subnets. Users in site-to-site VPNs get addresses typically from their own subnet's DHCP servers. Please correct me if I am wrong.

- Is it also possible that in a site-to-site VPN the address allocation is handled by only one of the private networks (subnets), i.e. DHCP is tunneled over to this network from all other private networks and responses tunneled back? Is it a typical setup? Is the discussion of modecfg vs. DHCP relevant in this case? I assume that there might be some routing issues in this setup for tunneling the responses back to the DHCP requesters through the right tunnels. Maybe some state maintenance at the gateways.

- Typical IPsec implementations. Most of them are bump in the stack (software ones). Am I correct? Does it mean that IP routing is the only way to direct traffic into the right tunnels, i.e. destination address based? Are there any implementations that do not follow this paradigm? Any pointers would be helpful.

thanks
-Bik

------------------------------------------------------------------------------------------
Bik Singh              818-575-2518 (Off)
Research Scientist     818-597-1502 (Fax)
Product Development    31355 Agoura Road
Nomadix                Westlake Village, CA 91361