
Sun's SKIP Firewall Traversal for Mobile IP (RFC2356)

IP.com Disclosure Number: IPCOM000002926D
Original Publication Date: 1998-Jun-01
Included in the Prior Art Database: 2019-Feb-15
Document File: 24 page(s) / 33K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Montenegro: AUTHOR [+1]

Related Documents

10.17487/RFC2356: DOI

Abstract

The Mobile IP specification establishes the mechanisms that enable a mobile host to maintain and use the same IP address as it changes its point of attachment to the network. The mechanisms described in this document allow a mobile node out on a public sector of the internet to negotiate access past a SKIP firewall, and construct a secure channel into its home network. This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group: G. Montenegro, V. Gupta (Sun Microsystems, Inc.)
Request for Comments: 2356
Category: Informational
June 1998

Sun’s SKIP Firewall Traversal for Mobile IP

Status of This Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

The Mobile IP specification establishes the mechanisms that enable a mobile host to maintain and use the same IP address as it changes its point of attachment to the network. Mobility implies higher security risks than static operation, because the traffic may at times take unforeseen network paths with unknown or unpredictable security characteristics. The Mobile IP specification makes no provisions for securing data traffic. The mechanisms described in this document allow a mobile node out on a public sector of the internet to negotiate access past a SKIP firewall, and construct a secure channel into its home network.

In addition to securing traffic, our mechanisms allow a mobile node to roam into regions that (1) impose ingress filtering, and (2) use a different address space.

Table of Contents

1. Introduction
2. Mobility without a Firewall
3. Restrictions imposed by a Firewall
4. Two Firewall Options: Application relay and IP Security
4.1 SOCKS version 5 [4]
4.2 SKIP [3]
5. Agents and Mobile Node Configurations
6. Supporting Mobile IP: Secure Channel Configurations
6.1 I: Encryption only Outside of Private Network
6.2 II: End-to-End Encryption
6.3 III: End-to-End Encryption, Intermediate Authentication
6.4 IV: Encryption Inside and Outside
6.5 Choosing a Secure Channel Configuration
7. Mobile IP Registration Procedure with a SKIP Firewall
7.1. Registration Request through the Firewall
7.1.1. On the Outside (Public) Network
7.1.2. On the Inside (Private) Network
7.2. Registration Reply through the Firewall
7.2.1. On the Inside (Private) Network
7.2.2. On the Outside (Public) Network
7.3. Traversal Extension
8. Data Transfer
8.1. Data Packet From the Mobile Node to a Correspondent Node
8.2. Data Packet From a Correspondent Node to the Mobile Node
8.2.1 Within the Inside (Private) Networ...
