|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] IPSEC: IKE preshared keys, ID payload, and DHCPI searched the archives, but couldn't find a discussion directly related to this topic. Apologies if I missed one. If only the required IKE mode of preshared keys is supported and ID payloads must contain a single IP address (ips-security-06, last paragraph, page 12), how are DHCP-enabled ports handled? When setting up the preshared key, an administrator needs to know the IP address since this is what the ID payload will identify (and what is used to select the preshared key). But can't the IP address change for a DHCP-enabled port on a power cycle, or lease expiration, etc.? Is there an assumption that only ports with static IP addresses are being used? In a related vein, will the IPSec DOI definition be updated to include iSCSI names for ID payload types? I think this would remove the problem with DHCP (at least for IKE Aggressive Mode). Thanks for the help, Mike. Michael M. Klock Crossroads Systems, Inc. (512) 928-7292
Home Last updated: Fri Dec 14 12:17:40 2001 8055 messages in chronological order |