draft-ietf-mext-firewall-admin-02.txt   draft-ietf-mext-firewall-admin-03.txt 
Network Working Group S. Krishnan Network Working Group S. Krishnan
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational N. Steinleitner Intended status: Informational N. Steinleitner
Expires: April 30, 2010 University of Goettingen Expires: December 29, 2010 University of Goettingen
Y. Qiu Y. Qiu
Institute for Infocomm Research Institute for Infocomm Research
G. Bajko G. Bajko
Nokia Nokia
October 27, 2009 June 27, 2010
Guidelines for firewall administrators regarding MIPv6 traffic Guidelines for firewall administrators regarding MIPv6 traffic
draft-ietf-mext-firewall-admin-02 draft-ietf-mext-firewall-admin-03
Abstract
This document presents some recommendations for firewall
administrators to help them configure their existing firewalls in a
way that allows in certain deployment scenarios the Mobile IPv6 and
DSMIPv6 signaling and data messages to pass through. For other
scenarios, the support of additional mechanisms to create pinholes
required for MIPv6 will be necessary. This document assumes that the
firewalls in question include some kind of stateful packet filtering
capability.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF). Note that other groups may also distribute
other groups may also distribute working documents as Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This Internet-Draft will expire on December 29, 2010.
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 30, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents
publication of this document (http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Abstract include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
This document presents some recommendations for firewall described in the Simplified BSD License.
administrators to help them configure their existing firewalls in a
way that allows in certain deployment scenarios the Mobile IPv6 and
DSMIPv6 signaling and data messages to pass through. For other
scenarios, the support of additional mechanisms to create pinholes
required for MIPv6 will be necessary. This document assumes that the
firewalls in question include some kind of stateful packet filtering
capability.
Table of Contents Table of Contents
1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Home Agent behind a firewall . . . . . . . . . . . . . . . . . 4 4. Home Agent behind a firewall . . . . . . . . . . . . . . . . . 4
4.1. Signaling between the MN and the HA . . . . . . . . . . . 5 4.1. Signaling between the MN and the HA . . . . . . . . . . . 5
4.2. IKEv2 signaling between MN and HA for establishing SAs . . 5 4.2. IKEv2 signaling between MN and HA for establishing SAs . . 5
5. Correspondent Node behind a firewall . . . . . . . . . . . . . 6 5. Correspondent Node behind a firewall . . . . . . . . . . . . . 6
 End of changes. 8 change blocks. 
30 lines changed or deleted 28 lines changed or added
