Re: [Call-home] Why not IPsec with IKEv2 + NAT-T?

Eliot Lear <lear@cisco.com> Thu, 29 September 2005 16:19 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL18U-0007Mu-7y; Thu, 29 Sep 2005 12:19:54 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL18S-0007LE-JN for call-home@megatron.ietf.org; Thu, 29 Sep 2005 12:19:52 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA21014 for <call-home@ietf.org>; Thu, 29 Sep 2005 12:19:49 -0400 (EDT)
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EL1G8-0006WI-BA for call-home@ietf.org; Thu, 29 Sep 2005 12:27:49 -0400
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-5.cisco.com with ESMTP; 29 Sep 2005 09:19:42 -0700
X-IronPort-AV: i="3.97,158,1125903600"; d="scan'208"; a="215809817:sNHT31346508"
Received: from imail.cisco.com (imail.cisco.com [128.107.200.91]) by sj-core-3.cisco.com (8.12.10/8.12.6) with ESMTP id j8TGJYVt026894; Thu, 29 Sep 2005 09:19:35 -0700 (PDT)
Received: from [212.254.247.4] (ams-clip-vpn-dhcp79.cisco.com [10.61.64.79]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id j8TGVGEI007144; Thu, 29 Sep 2005 09:31:17 -0700
Message-ID: <433C1418.6060507@cisco.com>
Date: Thu, 29 Sep 2005 18:19:36 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Pekka Nikander <pekka.nikander@nomadiclab.com>
Subject: Re: [Call-home] Why not IPsec with IKEv2 + NAT-T?
References: <433979ED.1000000@cisco.com> <7F8A2E5A-90A9-404E-9247-DBF93FAB367A@nomadiclab.com> <900D9AC5-1AB6-4063-9AEE-C227F94BDBA9@softarmor.com> <B3EF030E-4F05-460E-A6AF-798B0CE4B5F3@nomadiclab.com>
In-Reply-To: <B3EF030E-4F05-460E-A6AF-798B0CE4B5F3@nomadiclab.com>
X-Enigmail-Version: 0.92.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
DKIM-Signature: a=rsa-sha1; q=dns; l=361; t=1128011478; x=1128443678; c=nowsp; s=nebraska; h=Subject:From:Date:Content-Type:Content-Transfer-Encoding; d=cisco.com; i=lear@cisco.com; z=Subject:Re=3A=20[Call-home]=20Why=20not=20IPsec=20with=20IKEv2=20+=20NAT-T?| From:Eliot=20Lear=20<lear@cisco.com>| Date:Thu,=2029=20Sep=202005=2018=3A19=3A36=20+0200| Content-Type:text/plain=3B=20charset=3DISO-8859-1| Content-Transfer-Encoding:7bit; b=Zoq4nOBKVwG+uJNM9waq7ymGRpavQfbUYpuS6pXxhnL5tgfmxYCzWNZCoVwZNwXsGE3pgmUn GE1c4+fKD534oYTVjvA0xSlSo+ntxW7gILz4wYA0HfHWjzY87cleD9VFXnKZjdEKU2FycZSR9pm ZJ16yQeORjcZVeUNRmwAzsTk=
Authentication-Results: imail.cisco.com; header.From=lear@cisco.com; dkim=pass ( message from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 08170828343bcf1325e4a0fb4584481c
Content-Transfer-Encoding: 7bit
Cc: call-home@ietf.org
X-BeenThere: call-home@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion of issues relating to &quot; call home&quot; functionality and firewall traversal" <call-home.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/call-home>
List-Post: <mailto:call-home@ietf.org>
List-Help: <mailto:call-home-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/call-home>, <mailto:call-home-request@ietf.org?subject=subscribe>
Sender: call-home-bounces@ietf.org
Errors-To: call-home-bounces@ietf.org



> The potential benefit is that you don't need to change your  application
> model that much, and that you may even be able to use  current
> credentials more easily.

Well, define "that much".  Somehow one guy needs to know they're
managing and that the other guy is available.  So the managed device can
establish an IPSEC connection to the manager?  Now the manager needs to
know to manage.  How does that occur?  How will dispatch occur?

Eliot



_______________________________________________
Call-home mailing list
Call-home@ietf.org
https://www1.ietf.org/mailman/listinfo/call-home