RFC 3457 (rfc3457) - Page 2 of 31
Requirements for IPsec Remote Access Scenarios
Alternative Format: Original Text Document
RFC 3457 IPsec Remote Access Scenarios January 2003
3. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.1 Telecommuters (Dialup/DSL/Cablemodem) . . . . . . . . . 14
3.1.1 Endpoint Authentication Requirements . . . . . . . 15
3.1.2 Device Configuration Requirements . . . . . . . . 16
3.1.3 Policy Configuration Requirements . . . . . . . . 17
3.1.4 Auditing Requirements . . . . . . . . . . . . . . 18
3.1.5 Intermediary Traversal Requirements . . . . . . . 18
3.2 Corporate to Remote Extranet . . . . . . . . . . . . . . 19
3.2.1 Authentication Requirements . . . . . . . . . . . 19
3.2.2 Device Configuration Requirements . . . . . . . . 20
3.2.3 Policy Configuration Requirements . . . . . . . . 21
3.2.4 Auditing Requirements . . . . . . . . . . . . . . 21
3.2.5 Intermediary Traversal Requirements . . . . . . . 21
3.3 Extranet Laptop to Home Corporate Net . . . . . . . . . 22
3.3.1 Authentication Requirements . . . . . . . . . . . 22
3.3.2 Device Configuration Requirements . . . . . . . . 23
3.3.3 Policy Configuration Requirements . . . . . . . . 23
3.3.4 Auditing Requirements . . . . . . . . . . . . . . 24
3.3.5 Intermediary Traversal Requirements . . . . . . . 24
3.4 Extranet Desktop to Home Corporate Net . . . . . . . . . 25
3.4.1 Authentication Requirements . . . . . . . . . . . 25
3.4.2 Device Configuration Requirements . . . . . . . . 26
3.4.3 Policy Configuration Requirements . . . . . . . . 26
3.4.4 Auditing Requirements . . . . . . . . . . . . . . 26
3.4.5 Intermediary Traversal Requirements . . . . . . . 26
3.5 Public System to Target Network . . . . . . . . . . . . 27
3.5.1 Authentication Requirements . . . . . . . . . . . 27
3.5.2 Device Configuration Requirements . . . . . . . . 28
3.5.3 Policy Configuration Requirements . . . . . . . . 28
3.5.4 Auditing Requirements . . . . . . . . . . . . . . 29
3.5.5 Intermediary Traversal Requirements . . . . . . . 29
4. Scenario Commonalities . . . . . . . . . . . . . . . . . . 29
5. Security Considerations . . . . . . . . . . . . . . . . . . 30
6. References . . . . . . . . . . . . . . . . . . . . . . . . 30
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 30
8. Editors' Addresses. . . . . . . . . . . . . . . . . . . . . 30
9. Full Copyright Statement . . . . . . . . . . . . . . . . . 31
1. Introduction
Until recently, remote access has typically been characterized by
dial-up users accessing the target network via the Public Switched
Telephone Network (PSTN), with the dial-up connection terminating at
a Network Access Server (NAS) within the target domain. The
protocols facilitating this have usually been PPP-based, and access
control, authorization, and accounting functions have typically been
provided using one or more of a number of available mechanisms,
including RADIUS [RADIUS].
Kelly & Ramamoorthi Informational
