
Requirements for IPsec Remote Access Scenarios (RFC3457)

IP.com Disclosure Number: IPCOM000011352D
Original Publication Date: 2003-Jan-01
Included in the Prior Art Database: 2003-Feb-14
Document File: 32 page(s) / 75K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Kelly: AUTHOR [+2]

Abstract

IPsec offers much promise as a secure remote access mechanism. However, there are a number of differing remote access scenarios, each having some shared and some unique requirements. A thorough understanding of these requirements is necessary in order to effectively evaluate the suitability of a specific set of mechanisms for any particular remote access scenario. This document enumerates the requirements for a number of common remote access scenarios.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                           S. Kelly
Request for Comments: 3457                                     Airespace
Category: Informational                                   S. Ramamoorthi
                                                        Juniper Networks
                                                            January 2003

             Requirements for IPsec Remote Access Scenarios

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.


Table of Contents

   1. Introduction
      1.1 Requirements Terminology
      1.2 Reader Prerequisites
      1.3 General Terminology
      1.4 Document Content and Organization
   2. Overview
      2.1 Endpoint Authentication
         2.1.1 Machine-Level Authentication
         2.1.2 User-Level Authentication
         2.1.3 Combined User/Machine Authentication
         2.1.4 Remote Access Authentication
         2.1.5 Compatibility With Legacy Remote Access Mechanisms
      2.2 Remote Host Configuration
      2.3 Security Policy Configuration
      2.4 Auditing
      2.5 Intermediary Traversal


   3. Scenarios
      3.1 Telecommuters (Dialup/DSL/Cablemodem)
      ...