RFC 3456 (rfc3456) - Page 2 of 18


Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode






RFC 3456          DHCPv4 Config. of IPsec Tunnel Mode       January 2003


Table of Contents

   1. Introduction...................................................  2
     1.1 Terminology.................................................  2
     1.2 Requirements Language.......................................  3
   2. IPsec tunnel mode configuration requirements...................  3
     2.1 DHCP configuration evaluation...............................  3
     2.2 Summary.....................................................  4
   3. Scenario overview..............................................  4
     3.1 Configuration walk-through..................................  5
   4. Detailed description...........................................  6
     4.1 DHCPDISCOVER message processing.............................  6
     4.2 DHCP Relay behavior.........................................  9
     4.3 DHCPREQUEST message processing.............................. 10
     4.4 DHCPACK message processing.................................. 10
     4.5 Configuration policy........................................ 11
   5. Security Considerations........................................ 11
   6. IANA Considerations............................................ 12
   7. Intellectual Property Statement................................ 12
   8. References..................................................... 13
     8.1 Normative References........................................ 13
     8.2 Informative References...................................... 13
   9. Acknowledgments................................................ 14
   Appendix - IKECFG evaluation...................................... 15
   Authors' Addresses................................................ 17
   Full Copyright Statement ......................................... 18

1.  Introduction

   In many remote access scenarios, a mechanism for making the remote
   host appear to be present on the local corporate network is quite
   useful.  This may be accomplished by assigning the host a "virtual"
   address from the corporate network, and then tunneling traffic via
   IPsec from the host's ISP-assigned address to the corporate security
   gateway.  In IPv4, Dynamic Host Configuration Protocol (DHCP) [3]
   provides for such remote host configuration. This document explores
   the requirements for host configuration in IPsec tunnel mode, and
   describes how DHCPv4 may be leveraged for configuration.

1.1.  Terminology

   This document uses the following terms:

   DHCP client
         A DHCP client or "client" is an Internet host using DHCP to
         obtain configuration parameters such as a network address.





Patel, et. al.              Standards Track