IPSEC: IKE preshared keys, ID payload, and DHCP

To: "Ips Reflector (E-mail)" <ips@ece.cmu.edu>
Subject: IPSEC: IKE preshared keys, ID payload, and DHCP
From: "Michael Klock" <mklock@Crossroads.com>
Date: Tue, 11 Dec 2001 17:50:14 -0600
content-class: urn:content-classes:message
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;charset="iso-8859-1"
Sender: owner-ips@ece.cmu.edu
Thread-Index: AcGCnpQ2ssPhFbqmSsOHbpqCy9ydJw==
Thread-Topic: IPSEC: IKE preshared keys, ID payload, and DHCP


I searched the archives, but couldn't find a discussion directly related to this topic. Apologies if I missed one.

If only the required IKE mode of preshared keys is supported and ID payloads must contain a single IP address (ips-security-06, last paragraph, page 12), how are DHCP-enabled ports handled? When setting up the preshared key, an administrator needs to know the IP address since this is what the ID payload will identify (and what is used to select the preshared key). But can't the IP address change for a DHCP-enabled port on a power cycle, or lease expiration, etc.? Is there an assumption that only ports with static IP addresses are being used?

In a related vein, will the IPSec DOI definition be updated to include iSCSI names for ID payload types? I think this would remove the problem with DHCP (at least for IKE Aggressive Mode).

Thanks for the help,
Mike.

Michael M. Klock
Crossroads Systems, Inc.
(512) 928-7292

Prev by Date: RE: iSCSI- Questions about implementation of Multiple connections
Next by Date: Fw: Re: iSCSI Marker questions
Prev by thread: RE: iSCSI- Questions about implementation of Multiple connections
Next by thread: RE: IPSEC: IKE preshared keys, ID payload, and DHCP
Index(es):
- Date
- Thread

Home

Last updated: Fri Dec 14 12:17:40 2001
8055 messages in chronological order