[ previous ] [ next ] [ threads ]
 
 From:  Jorgen Norrman <jurg at home dot se>
 To:  "Chad R. Larson" <clarson at eldocomp dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC on boxes which uses DHCP on their WANinterface
 Date:  Fri, 16 Jan 2004 22:29:27 +0100
As I was writing. What's the difference for IPSEC ?
Why can't IPSEC handles an IP-adress that was dynamically assigned ?
(even if the dynamically assigned adress never change)

/jn

Chad R. Larson wrote:

>At 01:43 PM 1/16/2004, Jorgen Norrman wrote:
>  
>
>>What's the difference between static and dynamic ip-adress for IPSEC ?
>>    
>>
>
>It's whether the IP address on the WAN interface is fixed.  Some service 
>providers give you a permanent address, others assign you one using DHCP or 
>something like it.  Those addresses aren't guaranteed to remain the same 
>across DHCP lease timeouts.
>
>  
>
>>If I configure IPSEC with an public ip-adress to the other m0n0walls WAN 
>>interface, why does IPSEC bother if it's static assigned or dynamically 
>>assigned ip-adress ?
>>    
>>
>
>If the WAN address changes on the fly, the remote end can't do the 
>authentication it needs to do for the key exchange.
>
>         -crl
>--
>Chad R. Larson (CRL22)    chad at eldocomp dot com
>   Eldorado Computing, Inc.   602-604-3100
>      5353 North 16th Street, Suite 400
>        Phoenix, Arizona   85016-3228
>
>-- CONFIDENTIALITY NOTICE --
>
>This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.
>
>
>  
>