RE: NAT Traversal
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com [mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Derek Atkins
> Sent: Tuesday, February 26, 2002 4:28 PM
> To: Chinna N.R. Pellacuru
> Cc: Markus Stenberg; ipsec@lists.tislabs.com
> Subject: Re: NAT Traversal
>
> "Chinna N.R. Pellacuru" <pcn@cisco.com> writes:
>
> > In what "other" cases are you saying we need to do IPsec transport mode
> > through NAT? Someone gets a private address, and does plain IPsec
> > transport mode through NAT! to whom? and why?
>
> Here's an example: A person at a conference whose laptop is set up to
> perform RSA-based transport-mode opportunistic encryption, but where
> the conference is sitting on a NAT? I've been to conferences where
> the conference LAN is sitting behind a NAT, but I would still like to
> be able to use my laptop and the services it has the same way I would
> if I were NOT sitting behind a NAT. To my laptop, it shouldn't
> matter.
>
> Keep in mind that the user who wants to run IPsec and the manager who
> runs the network with a NAT may NOT be the same person!
>
> -derek
>
Are you sure you are allowed to use the transport mode?? AFAIK, Section
4.6.2 of the draft (draft-richardson-ipsec-opportunistic-06.txt)
mandates the use of TUNNEL mode. Your example is not good!
Regards,
Jayant
http://www.trlokom.com