RE: Another NAT Traversal question



Sure you can do L2TP/IPsec with tunnel mode, but that wastes another 20
bytes for the extra IP header.  This is AFAIK the only reason to prefer
transport mode.

I also believe that transport mode is not worth the trouble, but other
people disagree.

Yoav

-----Original Message-----
From: owner-ipsec@xxxxxxxxxxxxxxxxx
[mailto:owner-ipsec@xxxxxxxxxxxxxxxxx]On Behalf Of Ari Huttunen
Sent: Wednesday, February 26, 2003 10:27 AM
To: Francis Dupont
Cc: Jayant Shukla; radia.perlman@xxxxxxx; ipsec@xxxxxxxxxxxxxxxxx
Subject: Re: Another NAT Traversal question


Francis Dupont wrote:
>    From what I recall, the authors had given up on the transport mode and
>    one of them had stated on this list that only 'tunnel mode' will be
>    pushed for v2.
>
> => I am afraid that there is no consensus to drop the transport mode,
> so as the NAT traversal is in the charter, there is a problem to
> really solve.

Let's ask it this way: what is the real need for transport mode ESP
to work over NAT? You can do everything with tunnel mode ESP, including
L2TP/IPsec.

ps. I do not represent anybody else except me personally on this issue.

Ari

--
I play it cool and dig all jive,
  that's the reason I stay alive.
   My motto as I live and learn,
    is dig and be dug in return. <Langston Hughes>

Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com

F(ully)-Secure products: Securing the Mobile Enterprise