SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME

    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: IPSEC: IKE preshared keys, ID payload, and DHCP

    • To: "Ips Reflector (E-mail)" <ips@ece.cmu.edu>
    • Subject: RE: IPSEC: IKE preshared keys, ID payload, and DHCP
    • From: "Michael Klock" <mklock@Crossroads.com>
    • Date: Fri, 14 Dec 2001 11:02:40 -0600
    • content-class: urn:content-classes:message
    • Content-Transfer-Encoding: 8bit
    • Content-Type: text/plain;charset="iso-8859-1"
    • Sender: owner-ips@ece.cmu.edu
    • Thread-Index: AcGCnpQ2ssPhFbqmSsOHbpqCy9ydJwCIlojg
    • Thread-Topic: IPSEC: IKE preshared keys, ID payload, and DHCP
    
If someone could address my question, I'd be most grateful.

Thanks.

>  -----Original Message-----
> From: 	Michael Klock  
> Sent:	Tuesday, December 11, 2001 5:50 PM
> To:	Ips Reflector (E-mail)
> Subject:	IPSEC: IKE preshared keys, ID payload, and DHCP
> 
> 
> I searched the archives, but couldn't find a discussion directly related to this topic. Apologies if I missed one.
> 
> If only the required IKE mode of preshared keys is supported and ID payloads must contain a single IP address (ips-security-06, last paragraph, page 12), how are DHCP-enabled ports handled? When setting up the preshared key, an administrator needs to know the IP address since this is what the ID payload will identify (and what is used to select the preshared key). But can't the IP address change for a DHCP-enabled port on a power cycle, or lease expiration, etc.? Is there an assumption that only ports with static IP addresses are being used?
> 
> In a related vein, will the IPSec DOI definition be updated to include iSCSI names for ID payload types? I think this would remove the problem with DHCP (at least for IKE Aggressive Mode).
> 
> Thanks for the help,
> Mike.
> 
> Michael M. Klock
> Crossroads Systems, Inc.
> (512) 928-7292
>

Home

Last updated: Wed Jan 02 10:17:44 2002
8246 messages in chronological order