I-D ACTION:draft-ietf-mobileip-firewall-trav-00.txt

Internet-Drafts@ietf.org Fri, 28 March 1997 15:22 UTC

Received: from ietf.org by ietf.org id aa17841; 28 Mar 97 10:22 EST
Received: from ietf.ietf.org by ietf.org id aa17575; 28 Mar 97 10:22 EST
Mime-Version: 1.0
Content-Type: Multipart/Mixed; Boundary="NextPart"
To: IETF-Announce:;
cc: mobile-ip@smallworks.com
Sender: ietf-announce-request@ietf.org
From: Internet-Drafts@ietf.org
Reply-to: Internet-Drafts@ietf.org
Subject: I-D ACTION:draft-ietf-mobileip-firewall-trav-00.txt
Date: Fri, 28 Mar 1997 10:22:01 -0500
X-Orig-Sender: cclark@ietf.org
Message-ID: <9703281022.aa17575@ietf.org>

 A New Internet-Draft is available from the on-line Internet-Drafts 
 directories. This draft is a work item of the IP Routing for 
 Wireless/Mobile Hosts Working Group of the IETF.                          

       Title     : Firewall Traversal for Mobile IP: Guidelines for 
                   Firewalls and Mobile IP entities                        
       Author(s) : V. Gupta, S. Glass
       Filename  : draft-ietf-mobileip-firewall-trav-00.txt
       Pages     : 14
       Date      : 03/27/1997

The use of network security mechanisms such as ingress filtering, firewall 
systems and private address spaces can disrupt normal operation of Mobile 
IP [GuGl97]. This document outlines behavioral guidelines for Mobile Nodes,
their Home Agents and intervening Firewalls.  Compliance with these 
guidelines allows secure datagram exchange between a mobile node and its 
home agent even across firewalls, ingress filtering routers and distinct 
address spaces. To its correspondent nodes, the mobile node appears to be 
connected to its home network even while roaming on the general Internet. 
It enjoys the same connectivity (modulo performance penalties) and, if 
desired, privacy outside its protected domain as on the inside.   

The guidelines described here solve a restricted, but still useful, variant 
of the general firewall traversal problem for Mobile IP. They make the 
following assumptions: (a) All intervening firewalls belong to the mobile 
node's protected home domain and their existence and relative placement, 
with respect to a mobile node's current location, are known a priori. (b) 
Mobile nodes use co-located care-of addresses (rather than Foreign Agents) 
when outside their protected home domain. (c) Firewalls implement standard 
protocols for authentication and encryption [RFCs 1825, 1826, 1827] 
but need not understand Mobile IP message formats. (d) When private 
addresses are used inside a Mobile node's home domain, the home agent 
is able to distinguish between private and public addresses.

Internet-Drafts are available by anonymous FTP.  Login with the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
     "get draft-ietf-mobileip-firewall-trav-00.txt".
A URL for the Internet-Draft is:
ftp://ds.internic.net/internet-drafts/draft-ietf-mobileip-firewall-trav-00.txt
 
Internet-Drafts directories are located at:

     o  Africa:  ftp.is.co.za

     o  Europe:  ftp.nordu.net
                 ftp.nis.garr.it

     o  Pacific Rim: munnari.oz.au

     o  US East Coast: ds.internic.net

     o  US West Coast: ftp.isi.edu

Internet-Drafts are also available by mail.	
	                                                
Send a message to:  mailserv@ds.internic.net. In the body type: 
     "FILE /internet-drafts/draft-ietf-mobileip-firewall-trav-00.txt".
							
NOTE: The mail server at ds.internic.net can return the document in
      MIME-encoded form by using the "mpack" utility.  To use this
      feature, insert the command "ENCODING mime" before the "FILE"
      command.  To decode the response(s), you will need "munpack" or
      a MIME-compliant mail reader.  Different MIME-compliant mail readers
      exhibit different behavior, especially when dealing with
      "multipart" MIME messages (i.e., documents which have been split
      up into multiple messages), so check your local documentation on
      how to manipulate these messages.
							
							

Below is the data which will enable a MIME compliant mail reader 
implementation to automatically retrieve the ASCII version
of the Internet-Draft.
ftp://ds.internic.net/internet-drafts/draft-ietf-mobileip-firewall-trav-00.txt