Re: mutiple phase 1 tunnel and proxy ID issues
Raul Miller <rdm@test.legislate.com> Wed, 27 May 1998 01:43 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id VAA18886 for ipsec-outgoing; Tue, 26 May 1998 21:43:07 -0400 (EDT)
Message-ID: <19980526215819.Q3613@test.legislate.com>
Date: Tue, 26 May 1998 21:58:19 -0400
From: Raul Miller <rdm@test.legislate.com>
To: Roy Pereira <rpereira@TimeStep.com>, Cliff Wang <cxwang@us.ibm.com>, kent@bbn.com
Cc: ipsec@tis.com
Subject: Re: mutiple phase 1 tunnel and proxy ID issues
Mail-Followup-To: Roy Pereira <rpereira@TimeStep.com>, Cliff Wang <cxwang@us.ibm.com>, kent@bbn.com, ipsec@tis.com
References: <319A1C5F94C8D11192DE00805FBBADDF124101@exchange.timestep.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Mailer: Mutt 0.91.1
In-Reply-To: <319A1C5F94C8D11192DE00805FBBADDF124101@exchange.timestep.com>; from Roy Pereira on Tue, May 26, 1998 at 04:29:03PM -0400
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Roy Pereira <rpereira@TimeStep.com> wrote: > For a mobile client, its phase 1 ID will be something like an email > address since its IP address is not static. It's perfectly valid for a mobile client to have a static ip address. Here, you would have something along the lines of a router (almost a NAT) which the mobile client sits behind. The client comes in from wherever, presents its credentials to the re-router and sets up an encrypted tunnel for the "final hop" in the route to the static address. This is a bit different from a NAT because the client knows about two ip addresses, its dynamic address and its static address. The dynamic address may be fine for transient things like browsing, the static address is more useful for long-term activities. [For efficiency reasons, you may want policy based routing in the client.] Of course it's possible to have a mobile client which doesn't have a long-term identity, or maybe this functionality doesn't show up on the mass-market, but it's quite feasible. -- Raul
- mutiple phase 1 tunnel and proxy ID issues Cliff Wang
- Re: mutiple phase 1 tunnel and proxy ID issues Stephen Kent
- Re: mutiple phase 1 tunnel and proxy ID issues Cliff Wang
- Re: mutiple phase 1 tunnel and proxy ID issues Stephen Kent
- Re: mutiple phase 1 tunnel and proxy ID issues Cliff Wang
- RE: mutiple phase 1 tunnel and proxy ID issues Roy Pereira
- Re: mutiple phase 1 tunnel and proxy ID issues Bronislav Kavsan
- Re: mutiple phase 1 tunnel and proxy ID issues Cliff Wang
- Re: mutiple phase 1 tunnel and proxy ID issues Bronislav Kavsan
- Re: mutiple phase 1 tunnel and proxy ID issues Raul Miller
- Re: mutiple phase 1 tunnel and proxy ID issues Kai Martius
- Re: mutiple phase 1 tunnel and proxy ID issues Cliff Wang
- RE: mutiple phase 1 tunnel and proxy ID issues Roy Pereira
- Re: mutiple phase 1 tunnel and proxy ID issues Bronislav Kavsan
- RE: mutiple phase 1 tunnel and proxy ID issues Roy Pereira
- Re: mutiple phase 1 tunnel and proxy ID issues Bronislav Kavsan
- Re: mutiple phase 1 tunnel and proxy ID issues Will Fiveash