Re: Question about draft-ietf-ipsec-nat-t-ike-06.txt.
On Tuesday, June 24, 2003, at 10:12, Jesse Alpert wrote:
> In section 3.2 of the nat-t draft (version 06) it says:
> "If the sender of the packet does not know his own IP address ...
> he can include multiple ..."
> But in section 5.2. - Sending the original source and destination
> there is no discussion about this problem.
> Question: If the sender of the packet does not know his own IP address, what
> address is he supposed to put in his NAT-OA payload?
> What am I missing?
I believe this is done to handle the case where a multihomed host may
send from a number of addresses. The IKE implementation may not know
which address will be used to send the packet, so it may include a NAT
detection payload for each address. When the packet is received, if
none of the NAT detection payloads match the address the packet was
from, then a NAT is there.
The sender must know the possible IP addresses. It may not know the
specific address that will be picked by the stack.
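
The check described in the reply above, as an added example that is not part of the original message or the draft's text: a multihomed sender emits one source NAT-D hash per candidate address, and the receiver compares the hash of the observed source against all of them. It assumes the NAT-D layout HASH(CKY-I | CKY-R | IP | Port) with SHA-1 standing in for the negotiated hash; the function names, cookies and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """HASH(CKY-I | CKY-R | IP | Port); SHA-1 is an assumed negotiated hash."""
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def sender_source_payloads(cky_i, cky_r, candidate_ips, port):
    """Multihomed sender: one source NAT-D hash per address the stack may pick."""
    return [nat_d_hash(cky_i, cky_r, ip, port) for ip in candidate_ips]

def nat_in_front_of_sender(cky_i, cky_r, source_payloads, seen_ip, seen_port):
    """Receiver: hash the address and port the packet actually arrived from.
    If no source NAT-D payload matches, the packet was rewritten in transit."""
    observed = nat_d_hash(cky_i, cky_r, seen_ip, seen_port)
    return observed not in source_payloads

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
LOCAL_ADDRS = ["192.0.2.10", "198.51.100.10"]  # addresses the sender knows it owns

def demo():
    payloads = sender_source_payloads(CKY_I, CKY_R, LOCAL_ADDRS, 500)
    # Stack picked the second local address, no NAT on the path.
    direct = nat_in_front_of_sender(CKY_I, CKY_R, payloads, "198.51.100.10", 500)
    # A NAT replaced both the source address and the source port.
    natted = nat_in_front_of_sender(CKY_I, CKY_R, payloads, "203.0.113.7", 61002)
    # Address preserved but source port remapped: still counts as a mismatch.
    port_only = nat_in_front_of_sender(CKY_I, CKY_R, payloads, "192.0.2.10", 61002)
    return direct, natted, port_only

if __name__ == "__main__":
    print(demo())
```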