Requirements for IPsec Remote Access Scenarios (RFC3457)

IP.com Disclosure Number: IPCOM000011352D
Original Publication Date: 2003-Jan-01
Included in the Prior Art Database: 2003-Feb-14
Document File: 32 page(s) / 75K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Kelly: AUTHOR [+2]

Abstract

IPsec offers much promise as a secure remote access mechanism. However, there are a number of differing remote access scenarios, each having some shared and some unique requirements. A thorough understanding of these requirements is necessary in order to effectively evaluate the suitability of a specific set of mechanisms for any particular remote access scenario. This document enumerates the requirements for a number of common remote access scenarios.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                           S. Kelly
Request for Comments: 3457                                     Airespace
Category: Informational                                   S. Ramamoorthi
                                                        Juniper Networks
                                                            January 2003

             Requirements for IPsec Remote Access Scenarios

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Table of Contents

   1. Introduction
      1.1 Requirements Terminology
      1.2 Reader Prerequisites
      1.3 General Terminology
      1.4 Document Content and Organization
   2. Overview
      2.1 Endpoint Authentication
         2.1.1 Machine-Level Authentication
         2.1.2 User-Level Authentication
         2.1.3 Combined User/Machine Authentication
         2.1.4 Remote Access Authentication
         2.1.5 Compatibility With Legacy Remote Access Mechanisms
      2.2 Remote Host Configuration
      2.3 Security Policy Configuration
      2.4 Auditing
      2.5 Intermediary Traversal

   3. Scenarios
      3.1 Telecommuters (Dialup/DSL/Cablemodem)
