|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: IPSEC: IKE preshared keys, ID payload, and DHCPIf someone could address my question, I'd be most grateful. Thanks. > -----Original Message----- > From: Michael Klock > Sent: Tuesday, December 11, 2001 5:50 PM > To: Ips Reflector (E-mail) > Subject: IPSEC: IKE preshared keys, ID payload, and DHCP > > > I searched the archives, but couldn't find a discussion directly related to this topic. Apologies if I missed one. > > If only the required IKE mode of preshared keys is supported and ID payloads must contain a single IP address (ips-security-06, last paragraph, page 12), how are DHCP-enabled ports handled? When setting up the preshared key, an administrator needs to know the IP address since this is what the ID payload will identify (and what is used to select the preshared key). But can't the IP address change for a DHCP-enabled port on a power cycle, or lease expiration, etc.? Is there an assumption that only ports with static IP addresses are being used? > > In a related vein, will the IPSec DOI definition be updated to include iSCSI names for ID payload types? I think this would remove the problem with DHCP (at least for IKE Aggressive Mode). > > Thanks for the help, > Mike. > > Michael M. Klock > Crossroads Systems, Inc. > (512) 928-7292 >
Home Last updated: Wed Jan 02 10:17:44 2002 8246 messages in chronological order |