About UDP Encapsulation of IPsec Packets
I read the IETF draft "UDP Encapsulation of IPsec Packets" and I have a question about it.
If I receive a packet from a communication peer who is behind NAT, and the packet uses Transport Mode ESP Encapsulation:
-------------------------------------------------------------
IPv4 |orig IP hdr  | UDP | Non-| ESP |     |      |   ESP   | ESP|
     |(any options)| Hdr | IKE | Hdr | TCP | Data | Trailer |Auth|
-------------------------------------------------------------
                                     |<----- encrypted ---->|
                               |<------ authenticated ----->|
Now I don't know the original IP address of the communication peer. How can I locate the corresponding SA to decrypt or authenticate the ESP packet?