Mode-Configuration (MODECFG)

In remote access scenarios, it is highly desirable to be able to push configuration information such as the private IP address, a DNS server's IP address, and so forth, to the client. The IPSec Mode-configuration (MODECFG) allows this functionality. Configuration for MODECFG using Cisco IOS is shown in Example 4-2.

Example 4-2. Cisco IOS MODECFG Configuration on the IPSec Gateway

Some of the key attributes that can be pushed to a remote user using MODECFG follow:

INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS: Specifies an address within the internal network. The requested address is valid until the expiration of the ISAKMP SA that was used to secure the request. The address may also expire when the IPSec phase 2 SA expires, if the request is associated with a phase 2 negotiation.

INTERNAL_IP4_NETMASK, INTERNAL_IP6_NETMASK: The internal network's netmask.

INTERNAL_IP4_DNS, INTERNAL_IP6_DNS: Specifies an address of a DNS server or multiple DNS servers within the network. The responder may respond with zero, one, or more DNS server attributes.

INTERNAL_IP4_NBNS, INTERNAL_IP6_NBNS: Specifies an address of a NetBIOS Name Server (NBNS) within the network. Multiple NBNSs may be requested. The responder may respond with zero, one, or more NBNS attributes.

Like XAUTH, MODECFG is not a standard of the IPSec working group in the IETF. Although Cisco defined this protocol and most client implementations work with the Cisco implementation, given that this is not a standard, there are no guarantees for interoperability.
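
The following added example (not from the original text and not Cisco code) decodes the attribute list of a MODECFG reply and rejects malformed lengths, showing how a responder can return zero, one, or several DNS or NBNS attributes. The function names, the sample addresses, and the attribute type numbers (taken from the ISAKMP Configuration Method Internet-Draft, which this page does not quote) are assumptions.

```python
import ipaddress
import struct

# Type numbers and address lengths (octets) per the ISAKMP Configuration Method
# Internet-Draft; assumption: the page names the attributes but not their numbers.
ATTRS = {
    1: ("INTERNAL_IP4_ADDRESS", 4), 2: ("INTERNAL_IP4_NETMASK", 4),
    3: ("INTERNAL_IP4_DNS", 4), 4: ("INTERNAL_IP4_NBNS", 4),
    8: ("INTERNAL_IP6_ADDRESS", 16), 9: ("INTERNAL_IP6_NETMASK", 16),
    10: ("INTERNAL_IP6_DNS", 16), 11: ("INTERNAL_IP6_NBNS", 16),
}

def encode_attr(atype: int, addr: str) -> bytes:
    """Build one variable-length ISAKMP data attribute (AF bit clear)."""
    packed = ipaddress.ip_address(addr).packed
    return struct.pack("!HH", atype, len(packed)) + packed

def parse_modecfg_attrs(data: bytes) -> dict:
    """Decode the attribute list of a MODECFG reply into {name: [addresses]}."""
    out, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, off)
        off += 4
        if raw_type & 0x8000:
            continue  # AF=1 short form: 'field' is the value; no address uses it
        if field > len(data) - off:
            raise ValueError("attribute length runs past end of payload")
        value, off = data[off:off + field], off + field
        if raw_type not in ATTRS or field == 0:
            continue  # not covered here, or present with no value
        name, want = ATTRS[raw_type]
        if field != want:
            raise ValueError(f"{name}: expected {want} octets, got {field}")
        out.setdefault(name, []).append(str(ipaddress.ip_address(value)))
    return out

# Constructed sample reply: one address, one netmask, two DNS servers, no NBNS.
SAMPLE_REPLY = b"".join([
    encode_attr(1, "10.0.0.25"), encode_attr(2, "255.255.255.0"),
    encode_attr(3, "10.0.0.53"), encode_attr(3, "10.0.0.54"),
])

if __name__ == "__main__":
    for name, values in parse_modecfg_attrs(SAMPLE_REPLY).items():
        print(name, values)
```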