
Re: Another NAT Traversal question

IKEv2 is being defined fresh. Why can't we use port 500 for the purpose of
NAT Traversal? If we make this packet also contain the first four bytes after
the UDP header as 0s in the case of an IKE packet, then there is no need for port 4500.


Francis Dupont wrote:

In your previous mail you wrote:

The checksum is being fixed according to the new IP addresses in the IP
header and therefore you don't need the original IP address.

=> so you give up the transport checksum?

From what I recall, the authors had given up on the transport mode and
one of them had stated on this list that only 'tunnel mode' will be
pushed for v2.
=> I am afraid that there is no consensus to drop the transport mode,
so as the NAT traversal is in the charter, there is a problem to
really solve.