RFC 3457 (rfc3457) - Page 2 of 31


Requirements for IPsec Remote Access Scenarios



Alternative Format: Original Text Document



RFC 3457             IPsec Remote Access Scenarios          January 2003


   3. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . .  13
      3.1 Telecommuters (Dialup/DSL/Cablemodem)  . . . . . . . . . 14
         3.1.1 Endpoint Authentication Requirements . . . . . . .  15
         3.1.2 Device Configuration Requirements  . . . . . . . .  16
         3.1.3 Policy Configuration Requirements  . . . . . . . .  17
         3.1.4 Auditing Requirements  . . . . . . . . . . . . . .  18
         3.1.5 Intermediary Traversal Requirements  . . . . . . .  18
      3.2 Corporate to Remote Extranet . . . . . . . . . . . . . . 19
         3.2.1 Authentication Requirements  . . . . . . . . . . .  19
         3.2.2 Device Configuration Requirements  . . . . . . . .  20
         3.2.3 Policy Configuration Requirements  . . . . . . . .  21
         3.2.4 Auditing Requirements  . . . . . . . . . . . . . .  21
         3.2.5 Intermediary Traversal Requirements  . . . . . . .  21
      3.3 Extranet Laptop to Home Corporate Net . . . . . . . . .  22
         3.3.1 Authentication Requirements  . . . . . . . . . . .  22
         3.3.2 Device Configuration Requirements  . . . . . . . .  23
         3.3.3 Policy Configuration Requirements  . . . . . . . .  23
         3.3.4 Auditing Requirements  . . . . . . . . . . . . . .  24
         3.3.5 Intermediary Traversal Requirements  . . . . . . .  24
      3.4 Extranet Desktop to Home Corporate Net . . . . . . . . . 25
         3.4.1 Authentication Requirements  . . . . . . . . . . .  25
         3.4.2 Device Configuration Requirements  . . . . . . . .  26
         3.4.3 Policy Configuration Requirements  . . . . . . . .  26
         3.4.4 Auditing Requirements  . . . . . . . . . . . . . .  26
         3.4.5 Intermediary Traversal Requirements  . . . . . . .  26
      3.5 Public System to Target Network . . . . . . . . . . . .  27
         3.5.1 Authentication Requirements  . . . . . . . . . . .  27
         3.5.2 Device Configuration Requirements  . . . . . . . .  28
         3.5.3 Policy  Configuration Requirements . . . . . . . .  28
         3.5.4 Auditing Requirements  . . . . . . . . . . . . . .  29
         3.5.5 Intermediary Traversal Requirements  . . . . . . .  29
   4. Scenario Commonalities  . . . . . . . . . . . . . . . . . .  29
   5. Security Considerations . . . . . . . . . . . . . . . . . .  30
   6. References  . . . . . . . . . . . . . . . . . . . . . . . .  30
   7. Acknowledgements  . . . . . . . . . . . . . . . . . . . . .  30
   8. Editors' Addresses. . . . . . . . . . . . . . . . . . . . .  30
   9. Full Copyright Statement  . . . . . . . . . . . . . . . . .  31

1. Introduction

   Until recently, remote access has typically been characterized by
   dial-up users accessing the target network via the Public Switched
   Telephone Network (PSTN), with the dial-up connection terminating at
   a Network Access Server (NAS) within the target domain.  The
   protocols facilitating this have usually been PPP-based, and access
   control, authorization, and accounting functions have typically been
   provided using one or more of a number of available mechanisms,
   including RADIUS [RADIUS].



Kelly & Ramamoorthi          Informational