Panasonic 7 User Manual

148 Chapter 8 Configuring IPSec mobility and persistent mode

Figure 29

Example configuration

One solution to this problem is to use mobile IP technology (described in RFC
3344) to maintain IPSec connections. In this configuration, the IP address of the

mobile machine does not change when it moves from a home network to a foreign
network. Each mobile node is always identified by its home address, regardless of

its current point of attachment to the Internet. While situated away from its home,

a mobile node is also associated with a care-of address, which provides

information about its current point of attachment to the Internet. When away from

home, mobile IP uses protocol tunneling to hide a mobile node's home address

from intervening routers between its home network and its current location. The

home agent sends datagrams destined for the mobile node through a tunnel to the

care-of address. After arriving at the end of the tunnel, each datagram is then
delivered to the mobile node.

However, IP mobility technology for IPSec is inefficient due to double tunneling,

which can be an issue for resource-limited wireless networks. In addition, mobile
IP requires deployment of extra equipment and administration that could increase

the cost of the solution and could be a potential cause of inter-operability
problems between different vendors and providers.

Nortel solves the IPSec mobility problem by enhancing its IPSec implementation.

NN46110-500