
Re: [Ipsec] VID for nat traversal



Michael Richardson writes:
>   It is my understanding that someone who implemented -03 can interop
> with someone who has done -08.

Partly. They will interoperate if they use tunnel mode; if they try to
use transport mode, the -08 implementation will assume/send two NAT-OA
payloads, and the -03 will only assume/send one NAT-OA payload. This
will most likely cause them to fail to negotiate. Also in the -08 the
NAT-OA payloads are MANDATORY if using transport mode, whereas in the -03
it was only SHOULD.

If they only use tunnel mode then the protocols themselves are
interoperable. Of course the -03 had numbers from the private use
range, the -08 has invalid numbers from the IANA allocated range.

So if you need to ship your products now, and want to have RFC
compatibility, then implement the latest draft and make the VID, NAT-D
and NAT-OA payload numbers configurable by some config file / registry
or any other weird method. Then you can test it with other vendors, by
simply agreeing on something when testing, and when the final numbers
are out in a month or two, you can change them easily. The
UDP-encapsulated-transport and UDP-encapsulated-tunnel are probably
staying the same...
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
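
Added example, not part of the original message or of any vendor's code: a sketch of the configurable VID and NAT-D/NAT-OA payload numbers suggested above, with validation against the RFC 2408 payload type space and a model of the -03 versus -08 NAT-OA count difference. The section name, key names, the VID bytes and the numbers 130 and 131 are constructed test values, and the acceptance rule is modelled only on what the message says.

```python
import configparser

# RFC 2408 payload type space: 0-13 defined, 14-127 reserved for
# assignment, 128-255 private use.
RFC2408_DEFINED = range(0, 14)
PRIVATE_USE = range(128, 256)

# Constructed test configuration: placeholder values two vendors might
# agree on for an interop test, not real allocations.
SAMPLE_CONFIG = """
[nat-traversal]
vendor_id_hex = 00112233445566778899aabbccddeeff
nat_d_payload = 130
nat_oa_payload = 131
"""

def load_nat_t_config(text):
    """Parse and validate the configurable VID and payload numbers."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    section = parser["nat-traversal"]
    vid = bytes.fromhex(section["vendor_id_hex"])
    numbers = {key: section.getint(key)
               for key in ("nat_d_payload", "nat_oa_payload")}
    for key, value in numbers.items():
        if value not in range(256):
            raise ValueError(f"{key}={value} does not fit the one-octet field")
        if value in RFC2408_DEFINED:
            raise ValueError(f"{key}={value} collides with an RFC 2408 payload")
    if numbers["nat_d_payload"] == numbers["nat_oa_payload"]:
        raise ValueError("NAT-D and NAT-OA need distinct payload numbers")
    return vid, numbers

def nat_oa_acceptable(receiver_draft, mode, payload_types, numbers):
    """NAT-OA count rule as the message describes it for -03 and -08."""
    count = payload_types.count(numbers["nat_oa_payload"])
    if mode == "tunnel":
        return True               # tunnel mode: the drafts interoperate
    if receiver_draft == "08":
        return count == 2         # two NAT-OA payloads, MANDATORY
    return count <= 1             # -03: a single NAT-OA, only SHOULD

def in_private_use_range(numbers):
    """True when every configured number is in the private-use range."""
    return all(value in PRIVATE_USE for value in numbers.values())
```

Changing the two numbers in the configuration is then the only step needed once final allocations are published; the validation catches a typo that would shadow an existing ISAKMP payload type.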