Re: NAT Traversal
"Jayant Shukla" <jshukla@trlokom.com> writes:
> > Note that RSIP != NAT (per se). Since RSIP requires interaction
> > between the sending client and the translator gateway, I don't see a
> > problem with the NAT traversal drafts. If the client is RSIPsec
> > aware, then it does not need IPsec NAT traversal (because it knows
> > what the external address will be). So, what's the problem? If it's
> > using RSIP, it doesn't use NAT Traversal. It's sort of like if you're
> > using TCP on a socket, you can't use UDP on that socket.
> >
> > So, again, I don't see the problem. There are two protocols that
> > effectively do the same thing; you just cannot use them both at the
> > same time. However, the client KNOWS when it's using one of them so
> > it can make the choice about which one to use.
> >
> > -derek
>
> So you have concluded that there is NO problem? This is great, just a
> while ago you had no clue how the pass-thru worked and now you have
> concluded that there is no problem. Amazing!

Note that I started with RSIP != NAT. I still maintain this. RSIP
requires client interaction with the gateway (RSIP server) for it
to work. Sure, you can base a multiplexing on the SPI if the client
is going to tell it to the gateway. But that is __NOT__ a NAT. NAT
boxes imply a box that just munges packets.

My point is that what you are complaining about, NAT-T v. RSIP, isn't
an issue, because the client would know not to use NAT-T if they are
using RSIP. Considering the client needs to be aware of (and involved
in) the RSIP negotiation, they can easily not perform the NAT-T
negotiation, too.

> Regards,
> Jayant

-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com