RE: IPSEC Security Gateways & NAT

["Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>]

On the contrary, from what I have seen there is a consensus for ESPoUDP. At
least 6 vendors are planning to implement this approach, and we are
anxiously awaiting the release of the new merged NAT traversal document.

Andrew
-------------------------------------------
Upon closer inspection, I saw that the line
dividing black from white was in fact a shade
of grey. As I drew nearer still, the grey area
grew larger. And then I was enlightened.


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Steven M. Bellovin
> Sent: Thursday, June 07, 2001 9:16 AM
> To: Joern Sierwald
> Cc: ipsec@lists.tislabs.com; Chris Trobridge
> Subject: Re: IPSEC Security Gateways & NAT
>
>
> In message
> <3.0.5.32.20010607143550.047a3380@smtp.datafellows.com>, Joern Sierw
> ald writes:
>
> >>
> >
> >The consensus among IPsec vendors is ESPoUDP. You use tunnel mode,
> >and insert a UDP header in front of the ESP header. This is
> dead simple
> >and works with normal NAT boxes.
> >
>
> I don't know that I'd use the word "consensus" -- and I would
> note that
> that SSH has claimed assorted patent rights to the concept,
> at least as
> explained in draft-stenberg-ipsec-nat-traversal-*.txt.
>
>
> 		--Steve Bellovin, http://www.research.att.com/~smb
>
>
>

---

References:

• Re: IPSEC Security Gateways & NAT
• From: "Steven M. Bellovin" <smb@research.att.com>

---

• Prev by Date: Re: IPSEC Security Gateways & NAT
• Next by Date: Re: IPSEC Security Gateways & NAT
• Prev by thread: Re: IPSEC Security Gateways & NAT
• Next by thread: Re: IPSEC Security Gateways & NAT
• Index(es):
  • Main
  • Thread