
RE: NAT Traversal



On Mon, 4 Mar 2002, Paul Koning wrote:

> >>>>> "Chinna" == Chinna N R Pellacuru <pcn@cisco.com> writes:
>
>  Chinna> On Mon, 4 Mar 2002, Srinivasa Addepalli wrote:
>  >> Also think of Manual Key Managed IPSEC policies. SPIs are manually
>  >> configured.
>
>  Chinna> And, why can't manually configured SPIs follow the new
>  Chinna> semantics?
>
> Because users aren't about to do a hash calculation when they are
> asked what SPI values they want?

Too bad for them, they can't get through NAT.

>
> The more I look at the feedback the more I get the impression that
> this proposal is all hole.
>

It's not impossible to get manual keying working through our scheme, and
how important is manual keying to this discussion?

So, do you have a solution that is not "all hole"? If you think you have
one, then please give out the details, and the rest of us will try to see
if it is really not "all hole".

In any solution there are tradeoffs. We would have to debate whether a
tradeoff is sensible, and whether the downside is prohibitive.

    chinna