--------------------
Lakshminath Dondeti (2005-07-08):

   o  If NAT Traversal is supported and NAT detection payloads were
      included, enables or disables NAT Traversal.

I may be wrong, but is disabling NAT Traversal a possibility here?

--------------------
Pasi Eronen (2005-07-12):

Hmm.. any reasons why it wouldn't be? The text is a bit short here, but it roughly means that "if NAT detection payloads show that there's no NAT, then don't use UDP encapsulation for outgoing ESP packets any more"

(Or did you mean that it would be better to use some other words than "enable" and "disable" here?)

--------------------
Jari Arkko (2005-07-30):

I think your thinking is correct here, but the text needs to be expanded. We have the following cases:

   o  NAT-T supported by responder, no NAT payloads from initiator, address changed
   o  NAT-T supported by responder, no NAT payloads from initiator, address not changed
   o  NAT-T supported by responder, NAT payloads from initiator, address changed
   o  NAT-T supported by responder, NAT payloads from initiator, address not changed
   o  NAT-T not supported by responder, no NAT payloads from initiator, address changed
   o  NAT-T not supported by responder, no NAT payloads from initiator, address not changed
   o  NAT-T not supported by responder, NAT payloads from initiator, address changed
   o  NAT-T not supported by responder, NAT payloads from initiator, address not changed

I believe only case 3 should lead to UDP encapsulation being turned on. Cases 2, 4, 6, 8 turn it off, and cases 1, 5, and 7 should lead to some kind of an error, I think... this may already be specified somehow in the original IKEv2 specs, I have not checked...

--------------------
Jari Arkko (2005-08-15):

Issue 22: NAT prevention name. The current name of the payload is NAT_PREVENTION, which has led people to believe that we're actually disabling NATs. Unfortunately, we can only achieve the detection of a NAT and refuse to operate over such a link.

The proposal is to change the name of the payload (and the corresponding error) to more descriptive ones. I believe we can leave the details to the editor, but names such as NO_NAT_POLICY and DISALLOW_NATS have been suggested.

--------------------
Tero Kivinen (2005-08-23):

Those names are not very good, but as I cannot think of any better...

--------------------