[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT Traversal

To: Saroop Mathur <saroop1@xxxxxxxxx>
Subject: Re: NAT Traversal
From: "Scott G. Kelly" <skelly@xxxxxxxxxxxxx>
Date: Tue, 05 Mar 2002 09:28:43 -0800
Cc: ipsec@xxxxxxxxxxxxxxxxx
Organization: SonicWall
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

Saroop Mathur wrote:
> If changing the ESP header bits is an option, then it may make more
> sense to include both source and dest SPIs in the header instead of
> increasing the SPI size to either 6 or 8 bytes. IP, TCP and UDP include
> both src/dest fields. This way the semantics of the entire SPI bits
> remain with the entity generating the SPIs while allowing the NAT
> devices to allow proper mapping.
> 
> In order to maintain 8-byte alignment, the Sequence number can also be
> increased to 64 bits. Alternatively SPIs can be increased to 48-bits
> and the sequence number bits remain the same.

One obvious problem with changing the ESP header is that it does not
contain a version number. Hence, an intermediary (such as a nat box)
would have difficulty determining what it was looking at. I don't think
changing the ESP header is seriously up for consideration here.

Scott

Follow-Ups:
- Re: NAT Traversal
  - From: sankar ramamoorthi

References:
- RE: NAT Traversal
  - From: Saroop Mathur

Prev by Date: ICON2002 - Call-For-Papers Deadline Extension
Next by Date: RE: NAT Traversal
Previous by thread: RE: NAT Traversal
Next by thread: Re: NAT Traversal
Index(es):
- Date
- Thread