Re: ike source port (was: issues with IKE that need resolution)
>> > > Is it ok for the source port for IKE to be something other than
>> > > port 500?
>> > >
>> > > Hopefully it is ok, as this eases ipsec across NAT boxes
>> >
>> > Whoa! Cognitive dissonance!
>> >
>> To be clear, the NAT box Gabriel is referring to is a Host NAT server.
>> Host NAT server does not perform any address or port translation.
>> Hope this helps.
>>
>> cheers,
>> suresh
>
>If so, then whence the term "NAT"? Per RFC 1631 a NAT does address/port
>translation.
Actually, to be really clear :) Gabriel was talking about Address Translation,
but not using traditional NAT. What he had in mind was making use of SOCKS
for address translation. Gabriel has a proposal to make use of SOCKS to
achieve end-to-end security WITH address translation.
However, I suppose I should not be assuming what he meant. This is what I
think he meant.
PatC
>
>--bill