
About UDP Encapsulation of IPsec Packets



I read the IETF draft "UDP Encapsulation of IPsec Packets" and I have a question about it. 
If I receive a packet from a communication peer who is behind a NAT, and the packet uses Transport Mode ESP Encapsulation:

         -------------------------------------------------------------
   IPv4  |orig IP hdr  | UDP | Non-| ESP |     |      |   ESP   | ESP|
         |(any options)| Hdr | IKE | Hdr | TCP | Data | Trailer |Auth|
         -------------------------------------------------------------
                                         |<----- encrypted ---->|
                                   |<------ authenticated ----->|

Now I don't know the original IP address of the communication peer. How can I locate the corresponding SA to decrypt or authenticate the ESP packet?
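
An added example, not part of the original post or of the draft: it parses the packet layout drawn above and looks up the inbound SA by the RFC 2401 triple (destination address, protocol, SPI), none of which a NAT on the sender's side rewrites. The 8-octet all-zero Non-IKE marker, the port numbers, the addresses, and the names `parse_udp_encap_esp`, `find_inbound_sa` and `build_sample` are assumptions made for the illustration.

```python
import socket
import struct

NON_IKE_MARKER = b"\x00" * 8      # assumption: 8 zero octets where an IKE cookie would sit
IPPROTO_UDP, IPPROTO_ESP = 17, 50

def parse_udp_encap_esp(packet: bytes):
    """Return (src, dst, spi, seq) from IPv4 | UDP | Non-IKE marker | ESP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, covers IP options
    if ihl < 20 or packet[9] != IPPROTO_UDP:
        raise ValueError("not a UDP packet")
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    body = packet[ihl + 8:]       # skip the 8-byte UDP header
    if len(body) < 16:
        raise ValueError("truncated: no room for marker and ESP header")
    if body[:8] != NON_IKE_MARKER:
        raise ValueError("non-zero cookie: IKE message, not encapsulated ESP")
    spi, seq = struct.unpack("!II", body[8:16])
    return src, dst, spi, seq

def find_inbound_sa(sadb: dict, packet: bytes):
    """Look up the inbound SA; the (NAT-rewritten) source address is not a key."""
    _src, dst, spi, _seq = parse_udp_encap_esp(packet)
    # The receiver chose this SPI during negotiation, so it is unique locally.
    return sadb.get((dst, IPPROTO_ESP, spi))

def build_sample(src: str, dst: str, spi: int, seq: int = 1) -> bytes:
    """Constructed sample packet; checksums and lengths are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 500, 500, 0, 0)          # constructed ports
    esp = struct.pack("!II", spi, seq) + b"\x00" * 16   # stand-in for ciphertext
    return ip + udp + NON_IKE_MARKER + esp

if __name__ == "__main__":
    sadb = {("203.0.113.10", IPPROTO_ESP, 0x1000): "sa-peer-A"}  # constructed SAD
    for src in ("198.51.100.7", "198.51.100.99"):  # two possible post-NAT sources
        pkt = build_sample(src, "203.0.113.10", 0x1000)
        print(src, "->", find_inbound_sa(sadb, pkt))
```

Once the SA is found and the ESP authentication check passes, the observed outer source address and UDP port can be recorded against that SA for sending replies back through the NAT.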