The client has to have a PAD that includes the gateways. Our implementation has the client downloading the configuration (by a proprietary protocol) that includes the gateway names (and how to find them - IP address or DNS name). These gateway names can optionally be shown to the user in the GUI. In any case, the client is as aware of the names as the gateways.

________________________________________
From: Vijay Devarapalli [[email protected]]
Sent: Thursday, May 28, 2009 01:04
To: Yoav Nir; Tero Kivinen
Cc: [email protected]
Subject: Re: [IPsec] Some comments about redirect

Hi Yoav,

On 5/27/09 3:11 AM, "Yoav Nir" wrote:

> OK. In that case I would add to the initial registry
>
> 4 - locally meaningful name

The client should be able to resolve this "locally meaningful name" to an IP address to which it can initiate a new IKE_SA_INIT exchange. These "locally meaningful names" might make sense to the pool of IKEv2 gateways, but would it make sense to the client? How does the client figure out what the new VPN gateway is? Am I missing something?

Vijay

>
> In our product, the gateways have "names" that appear both in the GUI and the
> configuration files (and logs). It's easier for them to fetch another
> gateway's "object" by name than by IP address. Such a name could be ASCII or
> UTF-8.
> ________________________________________
> From: Tero Kivinen [[email protected]]

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
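
The client-side check discussed in this thread, as an added example that is not part of the original messages or of any product's code: a redirect's gateway identity is accepted only if it maps to an entry in the client's PAD. The one-octet type and length layout, type values 1 to 3, the PAD contents and all function names are assumptions; type 4 is the value proposed in the thread.

```python
import ipaddress

# Identity types 1-3 are assumed; 4 is the "locally meaningful name" proposed above.
GW_IPV4, GW_IPV6, GW_FQDN, GW_LOCAL_NAME = 1, 2, 3, 4

# Constructed PAD, as downloaded with the client configuration:
# gateway name -> how to find it (IP address or DNS name).
PAD = {"gw-east": "192.0.2.10", "gw-west": "vpn-west.example.net"}


class RedirectRejected(Exception):
    """The redirect names a gateway the client cannot map to a PAD entry."""


def parse_gw_identity(data: bytes):
    """Split the assumed layout: type (1 octet), length (1 octet), identity."""
    if len(data) < 2:
        raise RedirectRejected("truncated gateway identity")
    gw_type, gw_len = data[0], data[1]
    ident = data[2:2 + gw_len]
    if gw_len == 0 or len(ident) != gw_len:
        raise RedirectRejected("identity length does not match the data")
    return gw_type, ident


def redirect_target(data: bytes, pad=PAD):
    """Return (PAD name, address or DNS name) for the new gateway, or raise."""
    gw_type, ident = parse_gw_identity(data)
    try:
        if gw_type == GW_LOCAL_NAME:
            target = ident.decode("utf-8")  # names may be ASCII or UTF-8
            if target in pad:
                return target, pad[target]
            raise RedirectRejected("name is not in the PAD")
        if gw_type == GW_IPV4:
            target = str(ipaddress.IPv4Address(ident))
        elif gw_type == GW_IPV6:
            target = str(ipaddress.IPv6Address(ident))
        elif gw_type == GW_FQDN:
            target = ident.decode("ascii").lower().rstrip(".")
        else:
            raise RedirectRejected("unknown gateway identity type")
    except ValueError as exc:  # bad address length or undecodable name
        raise RedirectRejected(str(exc)) from exc
    # Address and FQDN redirects must also land on a gateway the PAD knows.
    for name, where in pad.items():
        if where.lower() == target:
            return name, where
    raise RedirectRejected("target is not in the PAD")
```

Whatever identity type the redirect carries, the client ends up with a PAD entry for the new gateway, which is what it needs in order to authenticate that gateway in the new IKE_SA_INIT exchange.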
