[ previous ] [ next ] [ threads ]
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  Jorgen Norrman <jurg at home dot se>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re:[m0n0wall] IPSEC on boxes which uses DHCP on their WANinterface
 Date:  Fri, 16 Jan 2004 14:15:12 -0700
At 01:43 PM 1/16/2004, Jorgen Norrman wrote:
>What's the difference between static and dynamic ip-adress for IPSEC ?

It's whether the IP address on the WAN interface is fixed.  Some service 
providers give you a permanent address, others assign you one using DHCP or 
something like it.  Those addresses aren't guaranteed to remain the same 
across DHCP lease timeouts.

>If I configure IPSEC with an public ip-adress to the other m0n0walls WAN 
>interface, why does IPSEC bother if it's static assigned or dynamically 
>assigned ip-adress ?

If the WAN address changes on the fly, the remote end can't do the 
authentication it needs to do for the key exchange.

Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228


This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.