[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: NAT Traversal
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Chinna N.R. Pellacuru
>
> For our solution we do not require to even discover NAT. The SPIs can
be
> generated as a pair in all cases because this is such a simple
operation.
> If there are any NATs enroute, they will use this property to
de-multiplex
> the IPsec traffic and do IPsec pass-through.
>
So, you are suggesting modifications to IKE, right?
This is interesting! According to your earlier e-mail, IKE modification
for "NAT discovery" is not acceptable, but now IKE modification for "NAT
traversal" is acceptable?
Regards,
Jayant
http://www.trlokom.com
> If doing encapsulation, you MUST do NAT discovery becuase the price
they
> pay for encapsulation is high, 16 bytes of overhead (okay not 24 as I
said
> in my previous mail). So, you want to do encapsulation and send
keepalives
> every 9 seconds, only when you are absolutely sure that it is needed.
>
> Thanks again for your support,
> chinna