Re: ike source port (was: issues with IKE that need resolution)




>> > > 	Is it ok for the source port for IKE to be something other than
>> > > 	port 500?
>> > > 
>> > > Hopefully it is ok, as this eases ipsec across NAT boxes
>> > 
>> > Whoa!  Cognitive dissonance!
>> > 
>> To be clear, the NAT box Gabriel is referring to is a Host NAT server.
>> Host NAT server does not perform any address or port translation. 
>> Hope this helps.
>> 
>> cheers,
>> suresh
>
>If so, then whence the term "NAT"?  Per RFC 1631 a NAT does address/port
>translation. 
Actually, to be really clear :) Gabriel was talking about Address Translation,
but not using traditional NAT. What he had in mind was making use of SOCKS
for address translation. Gabriel has a proposal to make use of SOCKS to 
achieve end-to-end security WITH address translation.

However, I suppose I should not be assuming what he meant. This is what I 
think he meant.

PatC
>
>--bill