[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: peer address protection and NAT Traversal
Francis Dupont wrote:
> So what I'd like to propose is that IPsec SAs *not* try to survive
> mid-connection NAT renumberings.
Well, it's intentionally left out of the current NAT traversal drafts.
It was discussed at some point between the authors. Instead we specify
=> we have to specify in details the peer address management, and not only
for NAT traversal but also for mobility and multi-homing.
You or anybody else is welcome to do it. I won't touch
that with a long pole :).
I play it cool and dig all jive,
that's the reason I stay alive.
My motto as I live and learn,
is dig and be dug in return. <Langston Hughes>
Ari Huttunen phone: +358 9 2520 0700
Software Architect fax : +358 9 2520 5001
F-Secure Corporation http://www.F-Secure.com
F(ully)-Secure products: Securing the Mobile Enterprise