
Re: Modefg considered harmful



"Scott G. Kelly" <scott@bstormnetworks.com> writes:

> Hi Michael,
> 
> Michael Richardson wrote:
> > 
> >   The degenerate case is a client connecting to a security-gateway/firewall
> > of a small organization. It should get the same inner-address as when it is
> > plugged into the organization LAN.
> 
> In my experience, this leads to routing issues that are most easily
> resolved by ensuring that remote access client addresses are *never*
> assigned internally.

But that's not what I want.  I want my statically-assigned DHCP
address regardless of whether I'm on the 100BaseT internal LAN, the
802.11 wireless LAN, or connected via IPsec VPN.  I don't want to
enforce an architecture where this is no longer possible.

I see no reason it SHOULDN'T be possible to allow this to work.  DHCP
will already assign me the same address on the wired or wireless
interface.  The only issue is getting that address via the IPsec
gateway.

> Scott

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com