
Re: Clarification of potential NAT multiple client solutions



I think to solve the conflicts described in draft-ietf-ipsec-udp-encaps-03.txt sections 5.2 and 5.3, we should include the port as part of the selector; then the server can pick out the corresponding SA to protect the packets that are sent to clients behind the NAT. Is there any problem with involving the port as part of the selector?


> We have had requests to clarify potential solutions to the problem of multiple clients behind the same NAT simultaneously connecting to the same destination IP address. draft-ietf-ipsec-udp-encaps-03.txt sections 5.2 and 5.3 say you MUST avoid the problem. Therefore you must implement some kind of solution for this problem. If your solution is not to support the scenario, you can still interoperate with others and support just one client behind the same NAT with SA state to you at any one time.
> http://www.ietf.org/internet-drafts/draft-ietf-ipsec-udp-encaps-03.txt
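
An added sketch (not from this thread or the draft) of server-side outbound SA selection when two clients sit behind one NAT: with address-only selectors both SAs match, with a port in the selector exactly one does, and an SA whose selector overlaps an installed one is refused. It assumes the port meant is the client's transport-layer port in a transport-mode SA; every name, address, port and SPI is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

NAT_IP = "203.0.113.7"  # constructed: public address both clients share

@dataclass(frozen=True)
class OutboundSA:               # hypothetical model, not a real IPsec stack's type
    spi: int                    # SPI the server uses toward this client
    peer_ip: str                # address the server sees, i.e. the NAT's
    encap_port: int             # UDP port the NAT mapped for this client's ESP-in-UDP
    remote_port: Optional[int]  # selector: client's transport port, None = any

def overlaps(a: OutboundSA, b: OutboundSA) -> bool:
    """True when some outbound packet would match both selectors."""
    if a.peer_ip != b.peer_ip:
        return False
    return None in (a.remote_port, b.remote_port) or a.remote_port == b.remote_port

def can_install(sadb: List[OutboundSA], new_sa: OutboundSA) -> bool:
    """Avoid the conflict up front: refuse an SA that overlaps an installed one."""
    return not any(overlaps(sa, new_sa) for sa in sadb)

def matching_sas(sadb: List[OutboundSA], dst_ip: str, dst_port: int) -> List[OutboundSA]:
    """Every SA whose selector covers a packet the server sends to dst_ip:dst_port."""
    return [sa for sa in sadb
            if sa.peer_ip == dst_ip and sa.remote_port in (None, dst_port)]

def pick_sa(sadb: List[OutboundSA], dst_ip: str, dst_port: int) -> OutboundSA:
    """Select the SA for an outbound packet; fail closed if the match is not unique."""
    hits = matching_sas(sadb, dst_ip, dst_port)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} SAs match {dst_ip}:{dst_port}")
    return hits[0]

# Constructed SA databases for two clients behind the same NAT.
ADDR_ONLY = [OutboundSA(0x1001, NAT_IP, 61001, None),
             OutboundSA(0x1002, NAT_IP, 61002, None)]
WITH_PORTS = [OutboundSA(0x1001, NAT_IP, 61001, 40001),
              OutboundSA(0x1002, NAT_IP, 61002, 40002)]

if __name__ == "__main__":
    print(len(matching_sas(ADDR_ONLY, NAT_IP, 40001)), "SAs match without a port selector")
    print(hex(pick_sa(WITH_PORTS, NAT_IP, 40002).spi), "selected with a port selector")
    # A third client that happens to use port 40001 still collides and is refused.
    print(can_install(WITH_PORTS, OutboundSA(0x1003, NAT_IP, 61003, 40001)))
```

In this model the port selector only disambiguates while the clients' ports differ; each client chooses its own port, so the install-time overlap check is still needed.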