[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IDci and IDcr payloads with NAT Traversal







I have a question about the ID payloads exchanged in Quick Mode
when NAT Traversal is being utilized in the following scenario:

HOST A ----> GW ----> GW's NAT ----> B's NAT ----> HOST B
10.1.1.123   10.1.1.1                              10.2.2.2


Where:
- The private address for HOST A is 10.1.1.123
- The private address for GW is 10.1.1.1
- GW's NAT translates 10.1.1.1. to x.x.x.x

- The private address for HOST B is 10.2.2.2
- B's NAT translates 10.2.2.2 to y.y.y.y

- GW is trying to create a phase 2 SA with HOST B
  to protect traffic between HOST A and HOST B

My questions are:
- is this a valid scenario?
- if it is, then what IP addresses should be utilized in IDci and IDcr?

Thanks

Dave Wierbowski


z/OS Comm Server Developer