Skip to main content

Authenticated Firewall Traversal with IPsec.

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Michael Richardson
Last updated 1996-04-03
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


A number of proposed protocols describe mechanisms whereby end to end authentication or privacy may be negotiated: most notable is the IPSEC working group where these issues are dealt with in a general way. Some relating working groups make use of the IPSEC (and related IPv6 facilities) facilities to provide authentication services (mobileip), while other groups (notably SNMPv2, RSVP, OSPF, BGP, AFT and CAT) provide their own facilities. This documents describes some of the common considerations for all of these protocols when there exists security gateway(s) (aka 'firewalls') between the end nodes that are negotiating security. This document does not enter into the debate about node security versus network security. It is assumed that the need for firewall like facilities will continue to exist for sometime. Whether or not IPSEC and/or IPv6 security services make firewalls obsolete or more common will remain a heated question for sometime.


Michael Richardson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)