
Re: Question about draft-ietf-ipsec-nat-t-ike-06.txt.




On Tuesday, June 24, 2003, at 10:12, Jesse Alpert wrote:

> Hi,
>
> In section 3.2 of the nat-t draft (version 06) it says:
> "If the sender of the packet does not know his own IP address ...
> he can include multiple ..."
>
> But in section 5.2. - Sending the original source and destination addresses,
> there is no discussion about this problem.
>
> Question: If the sender of the packet does not know his own IP address what
> address is he supposed to put in his NAT-OA payload?
>
> What am I missing?

I believe this is done to handle the case where a multihomed host may 
send from a number of addresses. The IKE implementation may not know 
which address will be used to send the packet, so it may include a NAT 
detection payload for each address. When the packet is received, if 
none of the NAT detection payloads match the address the packet was 
from, then a NAT is there.

The sender must know the possible IP addresses. It may not know the 
specific address that will be picked by the stack.

-josh
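
The matching rule described in the reply above, as an added example that is not part of the original message or of any IKE implementation. It assumes the NAT-D hash layout HASH(CKY-I | CKY-R | IP | Port) from RFC 3947 (the published form of this draft) and SHA-1 as the negotiated hash; the cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
LOCAL_ADDRS = ["192.0.2.10", "198.51.100.7"]   # multihomed sender's interfaces
IKE_PORT = 500


def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """HASH(CKY-I | CKY-R | IP | Port); hash_name stands in for the negotiated hash."""
    addr = ipaddress.ip_address(ip).packed      # 4 bytes for IPv4, 16 for IPv6
    data = cky_i + cky_r + addr + struct.pack("!H", port)  # port in network order
    return hashlib.new(hash_name, data).digest()


def build_source_nat_d(cky_i, cky_r, candidate_ips, port):
    """Sender: one source NAT-D hash per address the stack might pick."""
    return [nat_d_hash(cky_i, cky_r, ip, port) for ip in candidate_ips]


def source_is_natted(cky_i, cky_r, seen_ip, seen_port, source_hashes):
    """Receiver: a NAT is present only if no source hash matches the observed
    source address and port of the received packet."""
    expected = nat_d_hash(cky_i, cky_r, seen_ip, seen_port)
    return expected not in source_hashes


if __name__ == "__main__":
    hashes = build_source_nat_d(CKY_I, CKY_R, LOCAL_ADDRS, IKE_PORT)
    # Packet arrives unmodified from the second interface: one hash matches.
    print(source_is_natted(CKY_I, CKY_R, "198.51.100.7", 500, hashes))
    # Packet arrives with a translated source address and port: no hash matches.
    print(source_is_natted(CKY_I, CKY_R, "203.0.113.5", 1024, hashes))
```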