RFC 2356 (rfc2356) - Page 2 of 24
Sun's SKIP Firewall Traversal for Mobile IP
Alternative Format: Original Text Document
RFC 2356 Sun's SKIP Firewall Traversal for Mobile IP June 1998
6.4 IV: Encryption Inside and Outside ......................... 10
6.5 Choosing a Secure Channel Configuration ................... 11
7. Mobile IP Registration Procedure with a SKIP Firewall ...... 11
7.1. Registration Request through the Firewall ................ 12
7.1.1. On the Outside (Public) Network ........................ 13
7.1.2. On the Inside (Private) Network ........................ 14
7.2. Registration Reply through the Firewall .................. 14
7.2.1. On the Inside (Private) Network ........................ 15
7.2.2. On the Outside (Public) Network ........................ 15
7.3. Traversal Extension ...................................... 16
8. Data Transfer .............................................. 18
8.1. Data Packet From the Mobile Node to a Correspondent Node . 18
8.2. Data Packet From a Correspondent Node to the Mobile Node . 19
8.2.1 Within the Inside (Private) Network ..................... 20
8.2.2. On the Outside (Public) Network ........................ 21
9. Security Considerations .................................... 21
Acknowledgements .............................................. 22
References .................................................... 22
Authors' Addresses ............................................ 23
Full Copyright Statement ...................................... 24
1. Introduction
This document specifies what support is required at the firewall, the
Mobile IP [1] home agent and the Mobile IP mobile node to enable the
latter to access a private network from the Internet. For example, a
company employee could attach his/her laptop to some Internet access
point by:
a) Dialing into a PPP/SLIP account on an Internet service
provider's network.
b) Connecting into a 10Base-T or similar LAN network available
at, for example, an IETF terminal room, a local university,
or another company's premises.
Notice that in these examples, the mobile node's relevant interface
(PPP or 10Base-T) is configured with an IP address different from
that which it uses "normally" (i.e. at the office). Furthermore, the
IP address used is not necessarily a fixed assignment. It may be
assigned temporarily and dynamically at the beginning of the session
(e.g. by IPCP in the PPP case, or DHCP in the 10Base-T case).
The following discussion assumes a network configuration consisting
of a private network separated by a firewall from the general
Internet or public network. The systems involved are:
Montenegro & Gupta Informational