[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: peer address protection and NAT Traversal

To: Francis Dupont <Francis.Dupont@xxxxxxxxxxxxxxxx>
Subject: Re: peer address protection and NAT Traversal
From: Ari Huttunen <Ari.Huttunen@xxxxxxxxxxxx>
Date: Mon, 13 Jan 2003 16:35:26 +0200
Cc: Charlie_Kaufman@xxxxxxxxxxxxxxxx, ipsec@xxxxxxxxxxxxxxxxx, owner-ipsec@xxxxxxxxxxxxxxxxx
Organization: F-Secure Corporation
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01

Francis Dupont wrote:

> So what I'd like to propose is that IPsec SAs *not* try to survive > mid-connection NAT renumberings. Well, it's intentionally left out of the current NAT traversal drafts. It was discussed at some point between the authors. Instead we specify NAT keepalives. => we have to specify in details the peer address management, and not only for NAT traversal but also for mobility and multi-homing.


You or anybody else is welcome to do it. I won't touch
that with a long pole :).

Ari

--
I play it cool and dig all jive,
 that's the reason I stay alive.
  My motto as I live and learn,
   is dig and be dug in return. <Langston Hughes>

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation http://www.F-Secure.com

F(ully)-Secure products: Securing the Mobile Enterprise

References:
- Re: peer address protection and NAT Traversal
  - From: Francis Dupont

Prev by Date: RE: Proposed Configuration payload for IKEv2
Next by Date: Re: A proposal
Previous by thread: Re: peer address protection and NAT Traversal
Next by thread: RE: peer address protection and NAT Traversal
Index(es):
- Date
- Thread