Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode

Patel, B.; Aboba, Bernard; Kelly, Scott; Gupta, Vipul

doi:10.17487/rfc3456

Cited by 7 publications

(6 citation statements)

References 25 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For completeness: a solution modeled after [RFC3456] would combine (1) the router aggregation link model, (2) prefix information distribution and unique address allocation with DHCPv6, and (3) access control enforced by IPsec SAD/SPD.…”

Section: A65 Sketch Based On Rfc 3456mentioning

confidence: 99%

IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)

Laganier¹,

Madson²,

Eronen³

2010

View full text Add to dashboard Cite

When Internet Key Exchange Protocol version 2 (IKEv2) is used for remote VPN access (client to VPN gateway), the gateway assigns the client an IP address from the internal network using IKEv2 configuration payloads. The configuration payloads specified in RFC 4306 work well for IPv4 but make it difficult to use certain features of IPv6. This document specifies new configuration attributes for IKEv2 that allows the VPN gateway to assign IPv6 prefixes to clients, enabling all features of IPv6 to be used with the client-gateway "virtual link". Status of This Memo This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation. This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5739.

show abstract

Section: A65 Sketch Based On Rfc 3456mentioning

confidence: 99%

IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)

Laganier¹,

Madson²,

Eronen³

2010

View full text Add to dashboard Cite

show abstract

“…i-HA: Mobile IPv4 home agent residing in the internal network; typically has a private address [privaddr]. VPN-TIA: VPN tunnel inner address, the address(es) negotiated during IKE phase 2 (quick mode), assigned manually, using IPsec-DHCP [RFC3456], using the "de facto" standard Internet Security Association and Key Management Protocol (ISAKMP) configuration mode, or by some other means. Some VPN clients use their current care-of address as their Tunnel Inner Address (TIA) for architectural reasons.…”

Section: I-famentioning

confidence: 99%

Mobile IPv4 Traversal across IPsec-Based VPN Gateways

Vaarala¹,

Klovning²

2008

View full text Add to dashboard Cite

Mobile IPv4 Traversal across IPsec-Based VPN Gateways Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

show abstract

“…Consequently, support for dynamic IP address assignment, as described in [RFC3456], will typically not be required, although it cannot be ruled out. Such facilities will also be relevant to iSCSI hosts whose addresses are dynamically assigned.…”

Section: Requirements Languagementioning

confidence: 99%

“…At present this is not a very common scenario; however, if address assignment is provided, then DHCP-based address assignment within IPsec tunnel mode [RFC3456] MUST be supported. Note that this mechanism is not yet widely deployed within IPsec security gateways; existing IPsec tunnel mode servers typically implement this functionality via proprietary extensions to IKE.…”

Section: Ipsec Tunnel Mode Addressing Considerationsmentioning

confidence: 99%