[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another NAT Traversal question

To: Ari Huttunen <Ari.Huttunen@f-secure.com>
Subject: Re: Another NAT Traversal question
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 26 Feb 2003 11:42:14 +0100
cc: Jayant Shukla <jshukla@trlokom.com>, radia.perlman@sun.com, ipsec@lists.tislabs.com
In-reply-to: Your message of Wed, 26 Feb 2003 10:27:18 +0200. <3E5C7A66.902@f-secure.com>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

   Francis Dupont wrote:
   >    >From what I recall, the authors had given up on the transport mode and
   >    one of them had stated on this list that only 'tunnel mode' will be
   >    pushed for v2.
   >    
   > => I am afraid that there is no consensus to drop the transport mode,
   > so as the NAT traversal is in the charter, there is a problem to
   > really solve.

   Let's ask it this way: what is the real need for transport mode ESP
   to work over NAT?

=> we have no choice : we need transport mode and there are NATs (including
in the charter)...

   You can do everything with tunnel mode ESP, including L2TP/IPsec.

=> there are two important differences between tunnel and transport modes:
overhead and selector checking. The first one can be removed with good
compression, including header compression, but the second cannot: tunnel
mode and transport mode over a tunnel will be ever different.
IMHO if we have to give up something, it should be the NAT traversal...

Regards

Francis.Dupont@enst-bretagne.fr

References:
- Re: Another NAT Traversal question
  - From: Ari Huttunen <Ari.Huttunen@f-secure.com>

Prev by Date: RE: OPEN ISSUES WG LAST CALL: draft-ietf-ipsec-ikev2-05.txt
Next by Date: The CR payload still
Prev by thread: Re: Another NAT Traversal question
Next by thread: RE: Another NAT Traversal question
Index(es):
- Date
- Thread