Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode
RFC 3456
Section | Field | Value |
---|---|---|
Document | Type | RFC - Proposed Standard (January 2003; No errata) |
Document | Authors | Vipul Gupta, Baiju Patel, Bernard Aboba, Scott Kelly |
Document | Last updated | 2015-10-14 |
Document | Stream | IETF |
Stream | WG state | (None) |
Stream | Document shepherd | No shepherd assigned |
IESG | IESG state | RFC 3456 (Proposed Standard) |
IESG | Action Holders | (None) |
IESG | Consensus Boilerplate | Unknown |
IESG | Telechat date | |
IESG | Responsible AD | Steven Bellovin |
IESG | Send notices to | (None) |
Network Working Group                                           B. Patel
Request for Comments: 3456                                    Intel Corp
Category: Standards Track                                       B. Aboba
                                                               Microsoft
                                                                S. Kelly
                                                               Airespace
                                                                V. Gupta
                                                  Sun Microsystems, Inc.
                                                            January 2003

Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This memo explores the requirements for host configuration in IPsec tunnel mode, and describes how the Dynamic Host Configuration Protocol (DHCPv4) may be leveraged for configuration. In many remote access scenarios, a mechanism for making the remote host appear to be present on the local corporate network is quite useful. This may be accomplished by assigning the host a "virtual" address from the corporate network, and then tunneling traffic via IPsec from the host's ISP-assigned address to the corporate security gateway. In IPv4, DHCP provides for such remote host configuration.

Patel, et. al.              Standards Track                     [Page 1]

RFC 3456         DHCPv4 Config. of IPsec Tunnel Mode        January 2003

Table of Contents

1. Introduction
   1.1 Terminology
   1.2 Requirements Language
2. IPsec tunnel mode configuration requirements
   2.1 DHCP configuration evaluation
   2.2 Summary
3. Scenario overview
   3.1 Configuration walk-through
4. Detailed description
   4.1 DHCPDISCOVER message processing
   4.2 DHCP Relay behavior
   4.3 DHCPREQUEST message processing
   4.4 DHCPACK message processing
   4.5 Configuration policy
5. Security Considerations
6. IANA Considerations
7. Intellectual Property Statement
8. References
   8.1 Normative References
   8.2 Informative References
9. Acknowledgments
Appendix - IKECFG evaluation
Authors' Addresses
Full Copyright Statement

1. Introduction

In many remote access scenarios, a mechanism for making the remote host appear to be present on the local corporate network is quite useful. This may be accomplished by assigning the host a "virtual" address from the corporate network, and then tunneling traffic via IPsec from the host's ISP-assigned address to the corporate security gateway. In IPv4, Dynamic Host Configuration Protocol (DHCP) [3] provides for such remote host configuration. This document explores the requirements for host configuration in IPsec tunnel mode, and describes how DHCPv4 may be leveraged for configuration.

1.1. Terminology

This document uses the following terms:

DHCP client
   A DHCP client or "client" is an Internet host using DHCP to obtain configuration parameters such as a network address.

DHCP server
   A DHCP server or "server" is an Internet host that returns configuration parameters to DHCP clients.

1.2. Requirements language

In this document, the key words "MAY", "MUST", "MUST NOT", "optional",