Re: ike source port (was: issues with IKE that need resolution)
>
> > > > Is it ok for the source port for IKE to be something other than
> > > > port 500?
> > > >
> > > > Hopefully it is ok, as this eases ipsec across NAT boxes
> > >
> > > Whoa! Cognitive dissonance!
> > >
> > To be clear, the NAT box Gabriel is referring to is a Host NAT server.
> > Host NAT server does not perform any address or port translation.
> > Hope this helps.
> >
> > cheers,
> > suresh
>
> If so, then whence the term "NAT"? Per RFC 1631 a NAT does address/port
> translation.
>
> --bill
>
It is Host-NAT, not NAT. A host in a private network, when connecting to
end-hosts outside its realm, could adapt Host Network Address Translation
to avoid network address translation of end-to-end packets. Such a host
is termed "Host NAT client".
For details, I suggest you refer to the NAR draft by Gabriel or the
soon-to-be-posted draft-ietf-nat-terminology-01.txt. Thanks.
cheers,
suresh