[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: peer address protection and NAT Traversal



Francis Dupont wrote:
> So what I'd like to propose is that IPsec SAs *not* try to survive
> mid-connection NAT renumberings.
Well, it's intentionally left out of the current NAT traversal drafts.
It was discussed at some point between the authors. Instead we specify
NAT keepalives.
=> we have to specify in details the peer address management, and not only
for NAT traversal but also for mobility and multi-homing.

You or anybody else is welcome to do it. I won't touch that with a long pole :).

Ari

--
I play it cool and dig all jive,
 that's the reason I stay alive.
  My motto as I live and learn,
   is dig and be dug in return. <Langston Hughes>

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation http://www.F-Secure.com

F(ully)-Secure products: Securing the Mobile Enterprise