I-D ACTION:draft-ietf-mobileip-firewall-trav-00.txt
Internet-Drafts@ietf.org Fri, 28 March 1997 15:22 UTC
Received: from ietf.org by ietf.org id aa17841; 28 Mar 97 10:22 EST
Received: from ietf.ietf.org by ietf.org id aa17575; 28 Mar 97 10:22 EST
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce:;
cc: mobile-ip@smallworks.com
Sender: ietf-announce-request@ietf.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-mobileip-firewall-trav-00.txt
Date: Fri, 28 Mar 1997 10:22:01 -0500
X-Orig-Sender: cclark@ietf.org
Message-ID: <9703281022.aa17575@ietf.org>
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Routing for Wireless/Mobile Hosts Working
Group of the IETF.

       Title     : Firewall Traversal for Mobile IP: Guidelines for
                   Firewalls and Mobile IP entities
       Author(s) : V. Gupta, S. Glass
       Filename  : draft-ietf-mobileip-firewall-trav-00.txt
       Pages     : 14
       Date      : 03/27/1997

The use of network security mechanisms such as ingress filtering, firewall
systems and private address spaces can disrupt normal operation of Mobile IP
[GuGl97]. This document outlines behavioral guidelines for Mobile Nodes, their
Home Agents and intervening Firewalls. Compliance with these guidelines allows
secure datagram exchange between a mobile node and its home agent even across
firewalls, ingress filtering routers and distinct address spaces.

To its correspondent nodes, the mobile node appears to be connected to its
home network even while roaming on the general Internet. It enjoys the same
connectivity (modulo performance penalties) and, if desired, privacy outside
its protected domain as on the inside.

The guidelines described here solve a restricted, but still useful, variant
of the general firewall traversal problem for Mobile IP. They make the
following assumptions:

(a) All intervening firewalls belong to the mobile node's protected home
    domain and their existence and relative placement, with respect to a
    mobile node's current location, is known a priori.

(b) Mobile nodes use co-located care-of addresses (rather than Foreign
    Agents) when outside their protected home domain.

(c) Firewalls implement standard protocols for authentication and encryption
    [RFCs 1825, 1826, 1827] but need not understand Mobile IP message
    formats.

(d) When private addresses are used inside a Mobile node's home domain, the
    home agent is able to distinguish between private and public addresses.

Internet-Drafts are available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
     "get draft-ietf-mobileip-firewall-trav-00.txt".
A URL for the Internet-Draft is:
ftp://ds.internic.net/internet-drafts/draft-ietf-mobileip-firewall-trav-00.txt

Internet-Drafts directories are located at:

     o  Africa:         ftp.is.co.za
     o  Europe:         ftp.nordu.net
                        ftp.nis.garr.it
     o  Pacific Rim:    munnari.oz.au
     o  US East Coast:  ds.internic.net
     o  US West Coast:  ftp.isi.edu

Internet-Drafts are also available by mail.

Send a message to: mailserv@ds.internic.net. In the body type:
     "FILE /internet-drafts/draft-ietf-mobileip-firewall-trav-00.txt".

NOTE: The mail server at ds.internic.net can return the document in
      MIME-encoded form by using the "mpack" utility. To use this
      feature, insert the command "ENCODING mime" before the "FILE"
      command. To decode the response(s), you will need "munpack" or
      a MIME-compliant mail reader. Different MIME-compliant mail readers
      exhibit different behavior, especially when dealing with
      "multipart" MIME messages (i.e., documents which have been split
      up into multiple messages), so check your local documentation on
      how to manipulate these messages.

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version
of the Internet-Draft.