
NAT-T, IKEv2, Vendor ID, port floating??



Hi,

In IKEv1, peers should exchange Vendor IDs to learn each other's NAT-T
capability.

In IKEv2, NAT-T implementation is optional. Should we exchange the Vendor ID
(NAT-T) in the Initial exchange?

If the answer is yes, does that mean we have the Vendor ID together with the
NAT-Detect payload in the Initial exchange? We should know the order of the
payloads in the message.

Another question: the Initiator and Responder exchange the NAT-D in the
Initial Exchange to detect the existence of a NAT. Does that mean that in the
AUTH exchange both peers should float the port to 4500?

Thanks,

Tom Hu