
UDP-encapsulated IPsec Transport mode



Hi all,
	In Appendix A of draft-ietf-ipsec-udp-encaps-04.txt, there is
some discussion of the issue of multiple clients running UDP-encapsulated
IPsec transport mode tunnels behind a NAT box.  However, I did not find any
discussion of another related issue:  In the traffic selector (ID) payload
the client sends out during quick mode exchange, should the client use its
own private address or the public routable address (i.e. the NAT box's
public IP address)?  If it is the latter, how does the client know about that
public address?  This seems to be a serious issue, especially for L2TP
voluntary tunnels secured by IPsec (in transport mode).

Regards,
James C. Huang