
PMTU and NAT-Traversal problem



Hi all,
Is there anybody who has implemented the following in a security gateway?
1. draft-ietf-ipsec-nat-t-ike-01.txt and draft-ietf-ipsec-udp-encaps-01.txt
2. Section 6 [PMTU processing by IPSEC] of the IPsec RFC (2401).
If so, how did you solve the following problem?

For Unauthenticated ICMP PMTU message processing:

The PMTU processing is bound to fail, since the ICMP PMTU error message
would include only the IP Hdr and 64 bits of IPsec Hdr information. Since
the UDP Encaps and NAT Traversal drafts encapsulate IPsec packets in UDP
and put an 8-byte non-IKE marker (totalling 16 bytes), the PMTU error
message returned will not have enough information to find the SAs at the
receiving Security Gateway. How to solve this problem? Any suggestions?
Any help in this regard is highly appreciated.
Thanks
Lokesh
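
The situation described in the message above, as an added example that is not part of the original post: it builds a native ESP packet and a UDP-encapsulated one, truncates each to what an ICMP PMTU error quotes (IP header plus 64 bits), and shows what a gateway can recover for the SA lookup. Addresses, ports and the SPI are constructed sample values, and the zero-filled marker is an assumption.

```python
import socket
import struct

IP_HDR_LEN = 20                  # IPv4 header, no options
QUOTED_PAYLOAD = 8               # ICMP error quotes IP header + 64 bits of payload
NON_IKE_MARKER = b"\x00" * 8     # assumed zero-filled; its value does not change the result


def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.2"):
    """Constructed IPv4 packet (checksum left at 0; it is not parsed here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + len(payload), 1, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def esp(spi, seq=1):
    """ESP header (SPI, sequence number) followed by dummy ciphertext."""
    return struct.pack("!II", spi, seq) + b"\xaa" * 32


def udp_encap(esp_bytes, sport=500, dport=500):
    """UDP header + non-IKE marker + ESP: 16 bytes now precede the SPI."""
    body = NON_IKE_MARKER + esp_bytes
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body


def icmp_quote(packet):
    """The part of the offending packet that the ICMP PMTU error returns."""
    return packet[:IP_HDR_LEN + QUOTED_PAYLOAD]


def sa_lookup_key(quote):
    """What a gateway can recover from the quote in order to find the SA."""
    proto = quote[9]
    dst = socket.inet_ntoa(quote[16:20])
    first8 = quote[IP_HDR_LEN:]
    if proto == 50:              # native ESP: the SPI is inside the quoted 64 bits
        return {"dst": dst, "proto": "esp", "spi": struct.unpack("!I", first8[:4])[0]}
    if proto == 17:              # UDP-encapsulated: the quote ends after the UDP header
        sport, dport = struct.unpack("!HH", first8[:4])
        return {"dst": dst, "proto": "udp", "sport": sport, "dport": dport, "spi": None}
    return {"dst": dst, "proto": proto, "spi": None}


SPI = 0x1234ABCD                 # constructed sample value
native = sa_lookup_key(icmp_quote(ipv4(50, esp(SPI))))
encapsulated = sa_lookup_key(icmp_quote(ipv4(17, udp_encap(esp(SPI)))))

if __name__ == "__main__":
    print("native ESP      :", native)
    print("UDP-encapsulated:", encapsulated)
```
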