RFC 3457 (rfc3457) - Page 1 of 31


Requirements for IPsec Remote Access Scenarios






Network Working Group                                           S. Kelly
Request for Comments: 3457                                     Airespace
Category: Informational                                   S. Ramamoorthi
                                                        Juniper Networks
                                                            January 2003


             Requirements for IPsec Remote Access Scenarios

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   IPsec offers much promise as a secure remote access mechanism.
   However, there are a number of differing remote access scenarios,
   each having some shared and some unique requirements.  A thorough
   understanding of these requirements is necessary in order to
   effectively evaluate the suitability of a specific set of mechanisms
   for any particular remote access scenario.  This document enumerates
   the requirements for a number of common remote access scenarios.

Table of Contents

   1. Introduction  . . . . . . . . . . . . . . . . . . . . . . .   2
      1.1 Requirements Terminology . . . . . . . . . . . . . . . .  3
      1.2 Reader Prerequisites . . . . . . . . . . . . . . . . . .  3
      1.3 General Terminology  . . . . . . . . . . . . . . . . . .  4
      1.4 Document Content and Organization  . . . . . . . . . . .  4
   2. Overview  . . . . . . . . . . . . . . . . . . . . . . . . .   5
      2.1 Endpoint Authentication . . . . . . . . . . . . . . . .   6
         2.1.1 Machine-Level Authentication . . . . . . . . . . .   7
         2.1.2 User-Level Authentication  . . . . . . . . . . . .   7
         2.1.3 Combined User/Machine Authentication . . . . . . .   8
         2.1.4 Remote Access Authentication . . . . . . . . . . .   8
         2.1.5 Compatibility With Legacy Remote Access Mechanisms   9
      2.2 Remote Host Configuration  . . . . . . . . . . . . . . . 10
      2.3 Security Policy Configuration  . . . . . . . . . . . . . 11
      2.4 Auditing . . . . . . . . . . . . . . . . . . . . . . . . 12
      2.5 Intermediary Traversal . . . . . . . . . . . . . . . . . 13




Kelly & Ramamoorthi          Informational