Problem Statement: Mobile IPv4 Traversal of Virtual Private Network (VPN) Gateways
RFC 4093

Network Working Group                                    F. Adrangi, Ed.
Request for Comments: 4093                                         Intel
Category: Informational                                H. Levkowetz, Ed.
                                                                Ericsson
                                                             August 2005

              Problem Statement: Mobile IPv4 Traversal of
                 Virtual Private Network (VPN) Gateways

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   Deploying Mobile-IP v4 in networks that are connected to the Internet
   through a Virtual Private Network (VPN) gateway presents some
   problems that do not currently have well-described solutions.  This
   document aims to describe and illustrate these problems, and to
   propose some guidelines for possible solutions.

Table of Contents

   1. Introduction ....................................................2
      1.1. Overview of the Problem ....................................3
      1.2. Specification of Requirements ..............................3
      1.3. Terminology ................................................3
   2. MIP and VPN Deployment Scenarios ................................4
      2.1. MIPv4 HA(s) Inside the Intranet behind a VPN Gateway .......5
      2.2. VPN Gateway and MIPv4 HA(s) on the VPN Domain Border .......6
      2.3. Combined VPN Gateway and MIPv4 HA ..........................7
      2.4. MIPv4 HA(s) Outside the VPN Domain .........................8
      2.5. Combined VPN Gateway and MIPv4 HA(s) on the Local Link .....9
   3. Deployment Scenarios Selection ..................................9
   4. Problem Statement ..............................................10
      4.1. Registering in Co-Located Mode ............................11
      4.2. Registering via an FA .....................................12
      4.3. Summary: MIP Incompatibilities with IPsec-Based
           VPN Gateways ..............................................13

Adrangi & Levkowetz          Informational                      [Page 1]
RFC 4093         MIPv4 VPN Traversal Problem Statement       August 2005

   5. Solution Guidelines ............................................14
      5.1. Preservation of Existing VPN Infrastructure ...............14
      5.2. Software Upgrades to Existing VPN Client and Gateways .....14
      5.3. IPsec Protocol ............................................14
      5.4. Multi-Vendor Interoperability .............................14
      5.5. MIPv4 Protocol ............................................15
      5.6. Handoff Overhead ..........................................15
      5.7. Scalability, Availability, Reliability, and Performance ...15
      5.8. Functional Entities .......................................15
      5.9. Implications of Intervening NAT Gateways ..................15
      5.10. Security Requirements ....................................16
   6. Security Considerations ........................................16
   7. Acknowledgements ...............................................16
   8. References .....................................................17
      8.1. Normative References ......................................17
      8.2. Informative References ....................................17

1.  Introduction

   Mobile IP [RFC3344] agents are being deployed in enterprise networks
   to enable mobility across wired and wireless LANs while roaming
   inside the enterprise Intranet.  With the growing deployment of IEEE
   802.11 access points ("hot spots") in public places such as hotels,
   airports, and convention centers, and with wireless WAN data networks
   such as General Packet Radio Service (GPRS), the need is increasing
   for enabling mobile users to maintain their transport connections and
   constant reachability while connecting back to their target "home"
   networks protected by Virtual Private Network (VPN) technology.  This
   implies that Mobile IP and VPN technologies have to coexist and
   function together in order to provide mobility and security to the
   enterprise mobile users.

   The goal of this document is to:

   o  Identify and describe practical deployment scenarios for Mobile IP
      and VPN in enterprise and operator environments.

   o  Identify example usage scenarios for remote users roaming outside
      the "home" network protected by a VPN gateway.

   o  Articulate the problems resulting from Mobile IP and VPN
      coexistence.

   o  Specify a set of framework guidelines to evaluate proposed
