[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Windows 2000 and Cicsco router interoperability

"Scott G. Kelly" wrote:
> Hi Mark,
> "W. Mark Townsley" wrote:
> <trimmed...>
> > > different world with the deployment of dsl and cablemodems, one in which
> > > remote access is taking on new meanings. While the ppp/l2tp efforts
> >
> > Talk to some DSL companies. DSL is a huge driver of L2TP.
> If this is so, I think it may be due to the fact that the ipsra group is
> just getting started. I don't see why many such deployments could not be
> replaced by ipsec tunnel mode. Am I missing something?

PPP has the nice property that you don't have to address the peer
in any way, it being point-to-point and all that. So the client does
not have to be configured with the endpoint in the DSL operator's network.
On the other hand, the DSL operator can put the endpoint anywhere with
the help of L2TP.

To get the same functionality with IPSec tunnel mode, you'd need
the capability to automatically discover the peer address, something
that is supposed to be addressed by IPSP WG. Right?

> > - Standard method of tunnel existance (e.g. "keepalives" or "heartbeats")
> >   (which is quite important for accounting)?
> This is a valid issue for remote access.

Yes, but it would be nice if the method would just detect links that
are non-operational, and NOT force links to stay up in the absence 
of any real customer traffic. 


Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security