[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT Traversal

To: pcn@cisco.com
Subject: RE: NAT Traversal
From: Paul Koning <pkoning@equallogic.com>
Date: Mon, 4 Mar 2002 17:28:35 -0500
Cc: ipsec@lists.tislabs.com
References: <Pine.GSO.4.33.0203041231460.23950-100000@cypher.cisco.com><Pine.GSO.4.33.0203041304470.23950-100000@cypher.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Chinna" == Chinna N R Pellacuru <pcn@cisco.com> writes:

 Chinna> And considering the fact that an IPsec SA is identified by
 Chinna> the tuple: Destination, Protocol and SPI, the probability of
 Chinna> a collision is even lower, and for all practical purposes
 Chinna> zero.

But we're talking about NAT.  NAT hides addresses behind it and makes
everything look like a single address.

So in the context of NAT (at the other end) you have lots of SAs from
the same address, and of course the protocol is constant (50).

    paul

Follow-Ups:
- RE: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

References:
- RE: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>
- RE: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

Prev by Date: Re: NAT Traversal
Next by Date: Re: NAT Traversal
Prev by thread: RE: NAT Traversal
Next by thread: RE: NAT Traversal
Index(es):
- Date
- Thread