
doubt on draft-ietf-ipsec-nat-t-ike-01.txt
Hi All,
Following is a doubt regarding ID draft-ietf-ipsec-nat-t-ike-01.
It proposes that the sending party should calculate NAT-D payloads for
both destination and source (its own) IP address and port pairs,
that is HASH = HASH( CKY-I | CKY-R | IP | Port ).
So in the normal case (host is not multihomed) there will be
two NAT-D payloads.
I want to know why it is proposed to send 2 NAT-D payloads?
For me, it looks that there is no need for the first NAT-D payload,
which is the hash on destination IP and port,
because destination IP and ports are not going to change in NAT;
only source IP and source ports are changed. The sending party can send
only the second NAT-D payload (HASH on its own IP and src port),
and the receiving party can determine the occurrence of NAT as follows:
take src IP and src port selectors from the incoming packet,
prepare HASH on them and compare with the HASH of the NAT-D payload sent
by the other peer. If the match is OK, there is no NAT; if it fails, there is a NAT.

Is that OK? Or am I missing some point here? If so, correct me please.

Thanks
-Lokesh
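To make the comparison described in the post concrete, the following is an added Python example; it is not code from the draft, from any IKE implementation, or from the poster. It assumes SHA-1 as the negotiated IKE hash and uses constructed cookies and addresses (the 10.0.0.0/8, 192.168.0.0/16, 198.51.100.0/24 and 203.0.113.0/24 values are placeholders). The sender builds the payload list as the draft describes (destination hash first, then one hash per local address), and the receiver checks both: the local-address hashes against the source seen on the wire, and the destination hash against its own address. The three constructed scenarios cover no NAT, the sender behind a NAT, and the receiver behind a NAT, so the output shows what each of the two hashes reveals.

```python
"""Added example: NAT-D payload construction and receiver-side NAT detection.
Hash function is assumed to be SHA-1 (the draft uses the negotiated IKE hash);
cookies and addresses below are constructed placeholders."""
import hashlib
import ipaddress
import struct

# Constructed 8-byte IKE cookies (placeholders, not from any real exchange).
CKY_I = bytes.fromhex("0011223344556677")
CKY_R = bytes.fromhex("8899aabbccddeeff")


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """HASH(CKY-I | CKY-R | IP | Port): IP in network byte order, port as 16-bit big-endian."""
    ip_bytes = ipaddress.ip_address(ip).packed
    return hashlib.sha1(cky_i + cky_r + ip_bytes + struct.pack("!H", port)).digest()


def build_nat_d_payloads(cky_i, cky_r, dst, srcs):
    """Sender side: first payload hashes the destination (remote) address/port,
    then one payload per local address/port (several when multihomed)."""
    dst_ip, dst_port = dst
    payloads = [nat_d_hash(cky_i, cky_r, dst_ip, dst_port)]
    payloads += [nat_d_hash(cky_i, cky_r, ip, port) for ip, port in srcs]
    return payloads


def detect_nat(cky_i, cky_r, payloads, pkt_src, my_addr):
    """Receiver side: compare the payloads against the source seen on the wire
    (pkt_src) and against the receiver's own address (my_addr).
    Returns (peer_behind_nat, local_behind_nat)."""
    remote_hash, local_hashes = payloads[0], payloads[1:]
    # The first payload was computed over the address the sender used to reach us.
    # If it differs from our own address, our address was rewritten on the way in.
    local_behind_nat = remote_hash != nat_d_hash(cky_i, cky_r, *my_addr)
    # The remaining payloads cover the sender's own addresses. If none matches the
    # source seen on the wire, the sender's address was rewritten on the way out.
    peer_behind_nat = nat_d_hash(cky_i, cky_r, *pkt_src) not in local_hashes
    return peer_behind_nat, local_behind_nat


def run_scenarios():
    """Three constructed topologies; returns {name: (peer_behind_nat, local_behind_nat)}."""
    results = {}

    # 1. No NAT: addresses on the wire equal the addresses each host knows for itself.
    payloads = build_nat_d_payloads(CKY_I, CKY_R, ("198.51.100.9", 500), [("198.51.100.2", 500)])
    results["no_nat"] = detect_nat(CKY_I, CKY_R, payloads,
                                   pkt_src=("198.51.100.2", 500), my_addr=("198.51.100.9", 500))

    # 2. Sender behind NAT: sender knows itself as 10.0.0.5, receiver sees 203.0.113.7.
    payloads = build_nat_d_payloads(CKY_I, CKY_R, ("198.51.100.9", 500), [("10.0.0.5", 500)])
    results["sender_behind_nat"] = detect_nat(CKY_I, CKY_R, payloads,
                                              pkt_src=("203.0.113.7", 500), my_addr=("198.51.100.9", 500))

    # 3. Receiver behind NAT: sender addressed the receiver's public 203.0.113.9,
    # the receiver knows itself as 192.168.1.9, and the source address is unchanged.
    payloads = build_nat_d_payloads(CKY_I, CKY_R, ("203.0.113.9", 500), [("198.51.100.2", 500)])
    results["receiver_behind_nat"] = detect_nat(CKY_I, CKY_R, payloads,
                                                pkt_src=("198.51.100.2", 500), my_addr=("192.168.1.9", 500))
    return results


if __name__ == "__main__":
    for name, (peer, local) in run_scenarios().items():
        print(f"{name}: peer_behind_nat={peer} local_behind_nat={local}")
```

In the third scenario the source-address hash still matches, so that payload alone reports no NAT; only the destination hash, compared against the receiver's own address, shows that the receiver's side was translated. The two payloads therefore tell the receiver not just whether a NAT is present but which end sits behind it.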