[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKEv2 and NAT traversal




Does the current IKEv2 draft have a problem working with the current
NAT traversal draft (or vice versa, depending on your viewpoint)?

The UDP encapsulation draft assumes that IKE packets never begin with
eight zero bytes, whereas in IKEv2 the first eight bytes are the recipient
SPI (cookie) (which is potentially zero).

Since IKEv2 also runs on port 500, this seems like a problem.  Should
IKEv2 change, or should the NAT traversal draft change?  Is there harm
in swapping the order of cookies in IKEv2 (I would think not)?  That
would fix this problem, since the cookie of the sender is never zero.

-Sami






Follow-Ups: