Network Working Group                                           S. Kelly
Request for Comments: 3457                                     Airespace
Category: Informational                                   S. Ramamoorthi
                                                        Juniper Networks
                                                            January 2003
Requirements for IPsec Remote Access Scenarios
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
IPsec offers much promise as a secure remote access mechanism.
However, there are a number of differing remote access scenarios,
each having some shared and some unique requirements. A thorough
understanding of these requirements is necessary in order to
effectively evaluate the suitability of a specific set of mechanisms
for any particular remote access scenario. This document enumerates
the requirements for a number of common remote access scenarios.
Table of Contents
1. Introduction
   1.1 Requirements Terminology
   1.2 Reader Prerequisites
   1.3 General Terminology
   1.4 Document Content and Organization
2. Overview
   2.1 Endpoint Authentication
      2.1.1 Machine-Level Authentication
      2.1.2 User-Level Authentication
      2.1.3 Combined User/Machine Authentication
      2.1.4 Remote Access Authentication
      2.1.5 Compatibility With Legacy Remote Access Mechanisms
   2.2 Remote Host Configuration
   2.3 Security Policy Configuration
   2.4 Auditing
   2.5 Intermediary Traversal
Kelly & Ramamoorthi Informational