
Re: I-D ACTION:draft-ietf-ipsec-udp-encaps-00.txt



> Only UDP NAT mappings require keepalives.

We're discussing a protocol for tunnelling IPsec through UDP.

> TCP NAT mappings don't.

I have two data points which say otherwise:

 - A former employer which I won't malign by name deployed a NAT which
I also won't malign by name in the middle of its network which dropped
state for TCP connections which had been idle for a small number of
minutes.

 - A popular freeware NAT implementation I've looked at tosses
connection state after a (configurable) idle timeout -- the default
appears to be 5 days, but it also has a configuration option (called
"LARGE_NAT") which drops the idle timeout to 10 minutes.

					- Bill

