[vpn] Dynamic IP & Branch-office VPN Tunnels
Scott Penno
scott.penno at gennex.com.au
Tue Jul 2 22:39:04 EDT 2002
IPSec from a device with a dynamic address [branch] to a device with a
fixed IP address [central] is indeed supported as part of the standard.
Where multiple IPSec policies exist on the central site VPN device, some
form of identification [the ID field within the negotiation] is required
to ensure that the correct IPSec policy is selected for the remote device.
I believe this is exactly the scenario being used by the Netscreen device
and that I've experienced with devices from other vendors including Allied
Telesyn and TimeStep and client software from SafeNet and TimeStep
Scott.
----- Original Message -----
From: "Dante Mercurio" <dmercurio at ccgsecurity.com>
To: <vpn at securityfocus.com>
Sent: Wednesday, July 03, 2002 6:52 AM
Subject: [vpn] Dynamic IP & Branch-office VPN Tunnels
Are there any industry standards (or ones being developed) in regard to
creating a branch office VPN with a device that gets a dynamic IP?
It seems that each manufacturer has it's own proprietary solution
limiting any implmentation to their brand only. WatchGuard uses a
proprietary protocol they call DVCP. NetScreen uses peer ID's.
Checkpoint appliances have a version of their client that is invoked via
a web browser, etc.
M. Dante Mercurio, CCNA, MCSE+I, CCSA
dmercurio at ccgsecurity.com
Consulting Group Manager
Continental Consulting Group, LLC
www.ccgsecurity.com
VPN is sponsored by SecurityFocus.com
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list