PMTU and NAT-Traversal problem
Hi all,

Is there anybody who has implemented the following in a security gateway?

1. draft-ietf-ipsec-nat-t-ike-01.txt and draft-ietf-ipsec-udp-encaps-01.txt
2. Section 6 [PMTU processing by IPsec] of the IPsec RFC (2401).

If so, how did you solve the following problem?

For unauthenticated ICMP PMTU message processing:
The PMTU processing is bound to fail, since the ICMP PMTU error message would
include only the IP header and 64 bits of IPsec header information. Since the
UDP Encaps and NAT Traversal drafts encapsulate IPsec packets in UDP and put an
8-byte non-IKE marker (totalling 16 bytes), the PMTU error message returned
will not have enough information to find the SAs at the receiving security
gateway. How to solve this problem? Any suggestions?

Any help in this regard is highly appreciated.

Thanks
Lokesh
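
The lookup failure described in the message above, as an added example that is not part of the original post: it parses the bytes an ICMP error quotes and tries to recover the ESP SPI for native ESP and for UDP-encapsulated ESP. The all-zero marker value, UDP port 500, the addresses and the SPI are assumptions or constructed sample values.

```python
import struct

ESP, UDP = 50, 17
NON_IKE_MARKER = b"\x00" * 8  # assumption: the 8-byte marker is all zeros

def ipv4_header(proto, payload_len, src="192.0.2.1", dst="198.51.100.7"):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       64, proto, 0, addr(src), addr(dst))

def icmp_quote(datagram, payload_bytes=8):
    """Bytes an ICMP error quotes: IP header plus the first 64 bits of payload."""
    ihl = (datagram[0] & 0x0F) * 4
    return datagram[:ihl + payload_bytes]

def spi_from_quote(quote):
    """Return the ESP SPI recoverable from an ICMP quote, or None."""
    ihl = (quote[0] & 0x0F) * 4
    proto, payload = quote[9], quote[ihl:]
    if proto == ESP:
        # Native ESP: the SPI is the first 4 bytes after the IP header.
        return struct.unpack("!I", payload[:4])[0] if len(payload) >= 4 else None
    if proto == UDP:
        # Encapsulated: 8-byte UDP header + 8-byte marker put the SPI at offset 16.
        if len(payload) < 20 or payload[8:16] != NON_IKE_MARKER:
            return None
        return struct.unpack("!I", payload[16:20])[0]
    return None

# Constructed ESP packet: SPI, sequence number, then opaque ciphertext.
esp = struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 64
native = ipv4_header(ESP, len(esp)) + esp
udp = struct.pack("!HHHH", 500, 500, 8 + 8 + len(esp), 0)  # ports are an assumption
encap_payload = udp + NON_IKE_MARKER + esp
encapsulated = ipv4_header(UDP, len(encap_payload)) + encap_payload

if __name__ == "__main__":
    for name, pkt in (("native ESP", native), ("UDP-encapsulated", encapsulated)):
        print(name, "| 64-bit quote ->", spi_from_quote(icmp_quote(pkt)),
              "| 20-byte quote ->", spi_from_quote(icmp_quote(pkt, 20)))
```

With the 64-bit quote the encapsulated case yields only the UDP header, so no SPI is available; the 20-byte quote is included only to show where the SPI sits.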