148 Chapter 8 Configuring IPSec mobility and persistent mode
NN46110-500
Figure 29 Example configuration
One solution to this problem is to use mobile IP technology (described in RFC
3344) to maintain IPSec connections. In this configuration, the IP address of the
mobile machine does not change when it moves from a home network to a foreign
network. Each mobile node is always identified by its home address, regardless of
its current point of attachment to the Internet. While situated away from its home,
a mobile node is also associated with a care-of address, which provides
information about its current point of attachment to the Internet. When away from
home, mobile IP uses protocol tunneling to hide a mobile node's home address
from intervening routers between its home network and its current location. The
home agent sends datagrams destined for the mobile node through a tunnel to the
care-of address. After arriving at the end of the tunnel, each datagram is then
delivered to the mobile node.
However, IP mobility technology for IPSec is inefficient due to double tunneling,
which can be an issue for resource-limited wireless networks. In addition, mobile
IP requires deployment of extra equipment and administration that could increase
the cost of the solution and could be a potential cause of inter-operability
problems between different vendors and providers.
Nortel solves the IPSec mobility problem by enhancing its IPSec implementation.
To Next Page
Loading...
