Network Working Group                                    F. Adrangi, Ed.
Request for Comments: 4093                                         Intel
Category: Informational                                H. Levkowetz, Ed.
                                                                Ericsson
                                                             August 2005
Problem Statement: Mobile IPv4 Traversal of
Virtual Private Network (VPN) Gateways
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
Deploying Mobile-IP v4 in networks that are connected to the Internet
through a Virtual Private Network (VPN) gateway presents some
problems that do not currently have well-described solutions. This
document aims to describe and illustrate these problems, and to
propose some guidelines for possible solutions.
Table of Contents
1. Introduction ....................................................2
1.1. Overview of the Problem ....................................3
1.2. Specification of Requirements ..............................3
1.3. Terminology ................................................3
2. MIP and VPN Deployment Scenarios ................................4
2.1. MIPv4 HA(s) Inside the Intranet behind a VPN Gateway .......5
2.2. VPN Gateway and MIPv4 HA(s) on the VPN Domain Border .......6
2.3. Combined VPN Gateway and MIPv4 HA ..........................7
2.4. MIPv4 HA(s) Outside the VPN Domain .........................8
2.5. Combined VPN Gateway and MIPv4 HA(s) on the Local Link .....9
3. Deployment Scenarios Selection ..................................9
4. Problem Statement ..............................................10
4.1. Registering in Co-Located Mode ............................11
4.2. Registering via an FA .....................................12
4.3. Summary: MIP Incompatibilities with IPsec-Based
VPN Gateways ..............................................13
Adrangi & Levkowetz Informational [Page 1]
RFC 4093 MIPv4 VPN Traversal Problem Statement August 2005
5. Solution Guidelines ............................................14
5.1. Preservation of Existing VPN Infrastructure ...............14
5.2. Software Upgrades to Existing VPN Client and Gateways .....14
5.3. IPsec Protocol ............................................14
5.4. Multi-Vendor Interoperability .............................14
5.5. MIPv4 Protocol ............................................15
5.6. Handoff Overhead ..........................................15
5.7. Scalability, Availability, Reliability, and Performance ...15
5.8. Functional Entities .......................................15
5.9. Implications of Intervening NAT Gateways ..................15
5.10. Security Requirements ....................................16
6. Security Considerations ........................................16
7. Acknowledgements ...............................................16
8. References .....................................................17
8.1. Normative References ......................................17
8.2. Informative References ....................................17
1. Introduction
Mobile IP [RFC3344] agents are being deployed in enterprise networks
to enable mobility across wired and wireless LANs while roaming
inside the enterprise Intranet. With the growing deployment of IEEE
802.11 access points ("hot spots") in public places such as hotels,
airports, and convention centers, and with wireless WAN data networks
such as General Packet Radio Service (GPRS), the need is increasing
for enabling mobile users to maintain their transport connections and
constant reachability while connecting back to their target "home"
networks protected by Virtual Private Network (VPN) technology. This
implies that Mobile IP and VPN technologies have to coexist and
function together in order to provide mobility and security to the
enterprise mobile users.
The goal of this document is to:
o Identify and describe practical deployment scenarios for Mobile IP
and VPN in enterprise and operator environments.
o Identify example usage scenarios for remote users roaming outside
the "home" network protected by a VPN gateway.
o Articulate the problems resulting from Mobile IP and VPN
coexistence.
o Specify a set of framework guidelines to evaluate proposed