[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT Traversal





> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Chinna N.R. Pellacuru
> 
> For our solution we do not require to even discover NAT. The SPIs can
be
> generated as a pair in all cases because this is such a simple
operation.
> If there are any NATs enroute, they will use this property to
de-multiplex
> the IPsec traffic and do IPsec pass-through.
> 

So, you are suggesting modifications to IKE, right?

This is interesting! According to your earlier e-mail, IKE modification
for "NAT discovery" is not acceptable, but now IKE modification for "NAT
traversal" is acceptable?

Regards,
Jayant
http://www.trlokom.com 

> If doing encapsulation, you MUST do NAT discovery becuase the price
they
> pay for encapsulation is high, 16 bytes of overhead (okay not 24 as I
said
> in my previous mail). So, you want to do encapsulation and send
keepalives
> every 9 seconds, only when you are absolutely sure that it is needed.
> 
>     Thanks again for your support,
>     chinna