[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Another NAT Traversal question
Sure you can do L2TP/IPsec with tunnel mode, but that wastes another 20
bytes for the extra IP header. This is AFAIK the only reason to prefer
I also believe that transport mode is not worth the trouble, but other
[mailto:owner-ipsec@xxxxxxxxxxxxxxxxx]On Behalf Of Ari Huttunen
Sent: Wednesday, February 26, 2003 10:27 AM
To: Francis Dupont
Cc: Jayant Shukla; radia.perlman@xxxxxxx; ipsec@xxxxxxxxxxxxxxxxx
Subject: Re: Another NAT Traversal question
Francis Dupont wrote:
> >From what I recall, the authors had given up on the transport mode and
> one of them had stated on this list that only 'tunnel mode' will be
> pushed for v2.
> => I am afraid that there is no consensus to drop the transport mode,
> so as the NAT traversal is in the charter, there is a problem to
> really solve.
Let's ask it this way: what is the real need for transport mode ESP
to work over NAT? You can do everything with tunnel mode ESP, including
ps. I do not represent anybody else except me personally on this issue.
I play it cool and dig all jive,
that's the reason I stay alive.
My motto as I live and learn,
is dig and be dug in return. <Langston Hughes>
Ari Huttunen phone: +358 9 2520 0700
Software Architect fax : +358 9 2520 5001
F-Secure Corporation http://www.F-Secure.com
F(ully)-Secure products: Securing the Mobile Enterprise