[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: NAT Traversal
Yes, it is the same issue that causes several problems. IPsec pass-thru
enabled routers monitor the cookie to route the IKE messages (they use
cookies for IKE and SPI for IPsec messages).
Putting 8 bytes of zero where the cookie should be creates problems for
IPsec messages as they might be routed to the wrong host. In keep-alive
messages there is nothing where the cookie should be and so they get
dropped.
Regards,
Jayant
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Takaoka Takayoshi
> Sent: Friday, February 22, 2002 1:43 AM
> To: 'Jayant Shukla'; ipsec@lists.tislabs.com
> Subject: RE: NAT Traversal
>
> That means, a certain router drop the IKE keep-alive packet, right?
> I need more information for this issue.
>
> Best regards,
> Taka
>
> -----Original Message-----
> From: Jayant Shukla [mailto:jshukla@trlokom.com]
> Sent: Friday, February 22, 2002 1:18 PM
> To: ipsec@lists.tislabs.com
> Subject: NAT Traversal
>
>
>
> The proposed NAT traversal method runs into problems with some routers
> that
> monitor the IKE cookies. What steps are being taken to overcome this
> problem?
>
> Regards,
> Jayant
>
>