[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some IKE/NAT questions



 In your previous mail you wrote:

   => we had already this discussion (port 500 or a new port).
   BTW NAT traversal has a major security problem and it is very
   fine to be able to associate the port 4500 to IPsec (i.e.,
   not only IKE) with active NAT traversal.
    
   What is the major security problem?
    
=> draft-dupont-transient-pseudonat-01.txt
(the easy fix is to enable NAT traversal only when it is needed)

Regards

Francis.Dupont@enst-bretagne.fr