[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: UDP-encapsulated IPsec Transport mode

To: "ipsec@lists.tislabs.com" <ipsec@lists.tislabs.com>
Subject: RE: UDP-encapsulated IPsec Transport mode
From: Jerry Yao <jerryyao@mail.jl.cn>
Date: Mon, 18 Nov 2002 21:55:33 +0800
Cc: "james.huang@watchguard.com" <james.huang@watchguard.com>
Sender: owner-ipsec@lists.tislabs.com

Hello
	I think the best method to solve NAT-T problem is to use technique like build-in NAT above IPSec. When Suzi received packet from Ari or Bob, firstly translates the source address of the packet to Ari's or Bob's private address, then applies the ipsec functions, then passes the packet up to TCP or UDP.When sending, after applies the ipsec functions, encapsulates the packet with UDP header whose target address and port are the same to the address and port of original packet that received from Ari or Bob.
	But according to draft-ietf-ipsec-udp-encaps-04.txt, SSH may have intellectual property rights relating to this implementation technique. Is that mean that we can't solve the problem  that way?

Prev by Date: Re: Traffic Selectors
Next by Date: Re: support for v1 certificates?
Prev by thread: RE: UDP-encapsulated IPsec Transport mode
Next by thread: I-D ACTION:draft-ietf-ipsec-pki-profile-01.txt
Index(es):
- Date
- Thread