RFC 2356 (rfc2356) - Page 1 of 24


Sun's SKIP Firewall Traversal for Mobile IP



Alternative Format: Original Text Document



Network Working Group                                      G. Montenegro
Request for Comments: 2356                                      V. Gupta
Category: Informational                           Sun Microsystems, Inc.
                                                               June 1998


              Sun's SKIP Firewall Traversal for Mobile IP

Status of This Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

Abstract

   The Mobile IP specification establishes the mechanisms that enable a
   mobile host to maintain and use the same IP address as it changes its
   point of attachment to the network. Mobility implies higher security
   risks than static operation, because the traffic may at times take
   unforeseen network paths with unknown or unpredictable security
   characteristics. The Mobile IP specification makes no provisions for
   securing data traffic.  The mechanisms described in this document
   allow a mobile node out on a public sector of the internet to
   negotiate access past a SKIP firewall, and construct a secure channel
   into its home network.

   In addition to securing traffic, our mechanisms allow a mobile node
   to roam into regions that (1) impose ingress filtering, and (2) use a
   different address space.

Table of Contents

   1. Introduction ...............................................    2
   2. Mobility without a Firewall ................................    4
   3. Restrictions imposed by a Firewall .........................    4
   4. Two Firewall Options: Application relay and IP Security ....    5
   4.1 SOCKS version 5 [4] .......................................    5
   4.2 SKIP [3] ..................................................    6
   5. Agents and Mobile Node Configurations ......................    8
   6. Supporting Mobile IP: Secure Channel Configurations ........    9
   6.1 I: Encryption only Outside of Private Network .............    9
   6.2 II: End-to-End Encryption .................................   10
   6.3 III: End-to-End Encryption, Intermediate Authentication ...   10



Montenegro & Gupta           Informational