[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats Straw Poll

To: Tero Kivinen <kivinen@ssh.fi>
Subject: Re: Heartbeats Straw Poll
From: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Date: Wed, 09 Aug 2000 17:18:33 +0300
CC: "Theodore Ts'o" <tytso@mit.edu>, ebooth@cisco.com, smb@research.att.com, sommerfeld@East.Sun.COM, sfanning@cisco.com, warlord@mit.edu, skelly@redcreek.com, paul.hoffman@vpnc.org, ipsec@lists.tislabs.com
Organization: F-Secure Oyj
References: <Pine.GSO.4.10.10008080035150.9000-100000@uzura.cisco.com> <200008090248.WAA09563@trampoline.thunk.org> <200008091317.QAA19824@torni.hel.fi.ssh.com>
Sender: owner-ipsec@lists.tislabs.com

Tero Kivinen wrote:
> 
> Theodore Ts'o writes:
> > Neither of these (accounting and returning IP addresses to a DHCP pool)
> > are IPSEC issues.  This is stuff you have to deal with even if you're
> > not using IPSEC.  Hence, solving it with an IPSEC-specific solution
> > seems like we're barking up the wrong tree.
> 
> Most of the NAT traversal proposal that encapsulate IPsec inside UDP
> packets needs some kind of keepalive protocol to keep the NAT from
> deleting the UDP "connection".
> 
> In that cases it doesn't matter if it is phase 1 or phase 2 "ping".

I think it does matter if the UDP traffic is sent to a different port
than 500.

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

References:

Re: Heartbeats Straw Poll

From: Skip Booth <ebooth@cisco.com>

Re: Heartbeats Straw Poll

From: "Theodore Ts'o" <tytso@mit.edu>

Re: Heartbeats Straw Poll

From: Tero Kivinen <kivinen@ssh.fi>

Prev by Date: Re: Heartbeats Straw Poll
Next by Date: Re: Heartbeats Straw Poll
Prev by thread: Re: Heartbeats Straw Poll
Next by thread: RE: Heartbeats Straw Poll
Index(es):
- Main
- Thread