Requirements for IPsec Remote Access Scenarios
RFC 3457
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Informational (January 2003; No errata) |
| | Authors | Sankar Ramamoorthi, Scott Kelly |
| | Last updated | 2015-10-14 |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 3457 (Informational) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Steven Bellovin |
| | IESG note | Responsible: Author |
| | Send notices to | (None) |

Network Working Group
Request for Comments: 3457
Category: Informational

S. Kelly, Airespace
S. Ramamoorthi, Juniper Networks
January 2003

Requirements for IPsec Remote Access Scenarios

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

IPsec offers much promise as a secure remote access mechanism. However, there are a number of differing remote access scenarios, each having some shared and some unique requirements. A thorough understanding of these requirements is necessary in order to effectively evaluate the suitability of a specific set of mechanisms for any particular remote access scenario. This document enumerates the requirements for a number of common remote access scenarios.

Table of Contents

1. Introduction
   1.1 Requirements Terminology
   1.2 Reader Prerequisites
   1.3 General Terminology
   1.4 Document Content and Organization
2. Overview
   2.1 Endpoint Authentication
      2.1.1 Machine-Level Authentication
      2.1.2 User-Level Authentication
      2.1.3 Combined User/Machine Authentication
      2.1.4 Remote Access Authentication
      2.1.5 Compatibility With Legacy Remote Access Mechanisms
   2.2 Remote Host Configuration
   2.3 Security Policy Configuration
   2.4 Auditing
   2.5 Intermediary Traversal
3. Scenarios
   3.1 Telecommuters (Dialup/DSL/Cablemodem)
      3.1.1 Endpoint Authentication Requirements
      3.1.2 Device Configuration Requirements
      3.1.3 Policy Configuration Requirements
      3.1.4 Auditing Requirements
      3.1.5 Intermediary Traversal Requirements
   3.2 Corporate to Remote Extranet
      3.2.1 Authentication Requirements
      3.2.2 Device Configuration Requirements
      3.2.3 Policy Configuration Requirements
      3.2.4 Auditing Requirements
      3.2.5 Intermediary Traversal Requirements
   3.3 Extranet Laptop to Home Corporate Net
      3.3.1 Authentication Requirements
      3.3.2 Device Configuration Requirements
      3.3.3 Policy Configuration Requirements
      3.3.4 Auditing Requirements
      3.3.5 Intermediary Traversal Requirements
   3.4 Extranet Desktop to Home Corporate Net
      3.4.1 Authentication Requirements
      3.4.2 Device Configuration Requirements
      3.4.3 Policy Configuration Requirements
      3.4.4 Auditing Requirements
      3.4.5 Intermediary Traversal Requirements
   3.5 Public System to Target Network
      3.5.1 Authentication Requirements
      3.5.2 Device Configuration Requirements
      3.5.3 Policy Configuration Requirements
      3.5.4 Auditing Requirements
      3.5.5 Intermediary Traversal Requirements
4. Scenario Commonalities
5. Security Considerations
6. References
7. Acknowledgements
8. Editors' Addresses