[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another NAT Traversal question
IKEv2 is being defined fresh. Why can't we use port 500 for the purpose of
NAT Traversal. If we make this packet also containing first four bytes after
UDP header as 0s in case of IKE packet, then there is no need for port 4500
Francis Dupont wrote:
In your previous mail you wrote:
The checksum is being fixed according to the new IP addresses in the IP
header and therefore you don't need the original IP address.
=> so you give up the transport checksum ?
>From what I recall, the authors had given up on the transport mode and
one of them had stated on this list that only 'tunnel mode' will be
pushed for v2.
=> I am afraid that there is no consensus to drop the transport mode,
so as the NAT traversal is in the charter, there is a problem to