[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT Traversal

To: "'Takaoka Takayoshi'" <ttakaoka@nvc.co.jp>, <ipsec@lists.tislabs.com>
Subject: RE: NAT Traversal
From: "Jayant Shukla" <jshukla@trlokom.com>
Date: Fri, 22 Feb 2002 20:12:48 -0800
Importance: Normal
In-Reply-To: <119170422361D311B41900A0CC419794E0F0E9@white3.nvc.co.jp>
Sender: owner-ipsec@lists.tislabs.com

Yes, it is the same issue that causes several problems. IPsec pass-thru
enabled routers monitor the cookie to route the IKE messages (they use
cookies for IKE and SPI for IPsec messages). 

Putting 8 bytes of zero where the cookie should be creates problems for
IPsec messages as they might be routed to the wrong host. In keep-alive
messages there is nothing where the cookie should be and so they get
dropped.


Regards,
Jayant



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Takaoka Takayoshi
> Sent: Friday, February 22, 2002 1:43 AM
> To: 'Jayant Shukla'; ipsec@lists.tislabs.com
> Subject: RE: NAT Traversal
> 
> That means, a certain router drop the IKE keep-alive packet, right?
> I need more information for this issue.
> 
> Best regards,
> Taka
> 
> -----Original Message-----
> From: Jayant Shukla [mailto:jshukla@trlokom.com]
> Sent: Friday, February 22, 2002 1:18 PM
> To: ipsec@lists.tislabs.com
> Subject: NAT Traversal
> 
> 
> 
> The proposed NAT traversal method runs into problems with some routers
> that
> monitor the IKE cookies. What steps are being taken to overcome this
> problem?
> 
> Regards,
> Jayant
> 
>

Follow-Ups:
- Re: NAT Traversal
  - From: Derek Atkins <derek@ihtfp.com>

References:
- RE: NAT Traversal
  - From: Takaoka Takayoshi <ttakaoka@nvc.co.jp>

Prev by Date: info on new nat-t
Next by Date: RE: NAT Traversal
Prev by thread: RE: NAT Traversal
Next by thread: Re: NAT Traversal
Index(es):
- Date
- Thread