
Re: ike source port (was: issues with IKE that need resolution)



> 
> > > > 	Is it ok for the source port for IKE to be something other than
> > > > 	port 500?
> > > > 
> > > > Hopefully it is ok, as this eases ipsec across NAT boxes
> > > 
> > > Whoa!  Cognitive dissonance!
> > > 
> > To be clear, the NAT box Gabriel is referring to is a Host NAT server.
> > Host NAT server does not perform any address or port translation. 
> > Hope this helps.
> > 
> > cheers,
> > suresh
> 
> If so, then whence the term "NAT"?  Per RFC 1631 a NAT does address/port
> translation. 
> 
> --bill
> 

It is Host-NAT, not NAT.  A host in a private network, when connecting to 
end-hosts outside its realm, could adapt Host Network Address Translation 
to avoid network address translation of end-to-end packets. Such a host
is termed "Host NAT client". 

For details, I suggest you refer to the NAR draft by Gabriel or the 
soon-to-be-posted draft-ietf-nat-terminology-01.txt. Thanks.

cheers,
suresh

