
Re: I-D ACTION:draft-shukla-ipsec-nat-qos-compatible-security-00.txt



"jshukla" <jshukla@trlokom.com> writes:
> Scott had reached an incorrect conclusion and
> my previous e-mail addresses that issue. As
> far as RSIP, ESPUDP etc. are concerned, please
> take a look at Section 5 of my draft where I
> talk about the existing solutions and their
> drawbacks. I also give references to other
> drafts and RFCs that talk about the problems
> with existing solutions in greater detail.

from 5.3:

   The drawbacks of this approach are that it will require
   modifications to existing NAT implementations, and will have
   overhead in book-keeping to ensure that no two hosts use the same
   port number. 

To be specific, it does NOT require changes to the intervening NAT devices
on the network path between IPsec endpoints. One endpoint MAY need to contain
a NAT implementation, which obviously is nonstandard as it performs
(host,port) <> internal-host mapping in some cases.

> regards,
> Jayant

-Markus

-- 
Simplicity does not precede complexity, but follows it.

From ACM's SIGPLAN publication, (September, 1982), Article "Epigrams
in Programming", by Alan J. Perlis of Yale University.

