[Mip6-firewall] [Fwd: [MEXT] next steps with firewall drafts]

[QIU Ying]

Hi,

Since the Home BU/BA can go through the firewall due to not encrypted, how 
about do following process?

1. For the case of HA behind firewall: After receiving the home BU message, 
the home agent opens a dynamic pinhole and sets up a security tunnel for MN's 
CoA so that following traffic packets from this address with any protocols 
can reach the home agent. Thereafter, the encapsulated HoTI and HoT can pass 
through the firewall.

2. For the case of MN behind firewall: the HoTI is from internal to 
external, so the message should not be blocked.

Regards
Qiu Ying


----- Original Message ----- 
From: "Yaron Sheffer" <yaronf at checkpoint.com>
To: "Suresh Krishnan" <suresh.krishnan at ericsson.com>; "Niklas Steinleitner" 
<steinleitner at cs.uni-goettingen.de>
Cc: <mip6-firewall at zeke.ecotroph.net>
Sent: Thursday, September 25, 2008 4:00 PM
Subject: Re: [Mip6-firewall] [Fwd: [MEXT] next steps with firewall drafts]
>Hi Suresh,
>
>If you think a review on the ipsecme list (and/or an ipsecme slot in
>Minneapolis) is needed, let me know.
>
> Yaron


> _______________________________________________
> Mip6-firewall mailing list
> Mip6-firewall at zeke.ecotroph.net
> https://zeke.ecotroph.net/mailman/listinfo/mip6-firewall
> 

**********************  ANNOUNCEMENT ********************************
 We have moved to Fusionopolis!
 Our official address is:
 Institute for Infocomm Research,  1 Fusionopolis Way,  #21-01 Connexis, South Tower,
 Singapore 138632.   Main line: +65 64082000. Main fax: +65 67761378
 Please visit http://www.fusionopolis.a-star.edu.sg/ for more information
 on Fusionopolis.
******************************************************************

Institute For Infocomm Research - Disclaimer This email is confidential and may be privileged.  If you are not the intended recipient, please delete it and notify us immediately. Please do not copy or use it for any purpose, or disclose its contents to any other person. Thank you."