I agree. -Vishwas
On Mon, Mar 26, 2012 at 1:12 AM, Michael Richardson <mcr+i...@sandelman.ca> wrote:

> I agree: it's not a "hard problem". It's an annoying problem, and the
> lack of a dynamic solution causes poor experiences for users.
>
> For a relatively static group of non-moving leaf gateways, even a very
> large group, a bit of scripting could generate most of the full mesh
> policy, and normal IKEv2 on-demand keying of links would bring up
> tunnels as needed.
>
> The reason to have an automatic system is because:
> 1) we have mobile nodes that we want to include (roadwarriors)
>
> 2) we have gateways behind NAT that can be hard to find.
>
> 3) we have machines/gateways that have non-transitive authentication
>    mechanisms, and it would be very annoying to set up each leaf
>    system with a trusted connection to the AAA system for
>    authentication.
>
> --
> ] He who is tired of Weird Al is tired of life! | firewalls [
> ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
> ] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
> then sign the petition.
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec