[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

Tero Kivinen wrote:
> Theodore Ts'o writes:
> > Neither of these (accounting and returning IP addresses to a DHCP pool)
> > are IPSEC issues.  This is stuff you have to deal with even if you're
> > not using IPSEC.  Hence, solving it with an IPSEC-specific solution
> > seems like we're barking up the wrong tree.
> Most of the NAT traversal proposal that encapsulate IPsec inside UDP
> packets needs some kind of keepalive protocol to keep the NAT from
> deleting the UDP "connection".
> In that cases it doesn't matter if it is phase 1 or phase 2 "ping".

I think it does matter if the UDP traffic is sent to a different port
than 500.

Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security