[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Heartbeats Straw Poll
Tero Kivinen wrote:
> Theodore Ts'o writes:
> > Neither of these (accounting and returning IP addresses to a DHCP pool)
> > are IPSEC issues. This is stuff you have to deal with even if you're
> > not using IPSEC. Hence, solving it with an IPSEC-specific solution
> > seems like we're barking up the wrong tree.
> Most of the NAT traversal proposal that encapsulate IPsec inside UDP
> packets needs some kind of keepalive protocol to keep the NAT from
> deleting the UDP "connection".
> In that cases it doesn't matter if it is phase 1 or phase 2 "ping".
I think it does matter if the UDP traffic is sent to a different port
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security