[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: [Ipsec] Re: NAT-T in the face of changing IPs
From: Michael Richardson <mcr () sandelman ! ca>
Date: 2007-07-25 20:31:43
Message-ID: f88bvg$i9h$1 () sea ! gmane ! org
[Download RAW message or body]
Tero Kivinen wrote:
>> I.e. a different UDP port. Apparently, this is a problem for openswan.
>
> I guess you mean to say different IP-address, not port. The port is of
> course different as it is behind NAT.
Yes, that's what I meant.
>> Was this a case that I just didn't code for, or is this a gap in the
>> specification?
>
> NAT-T specs do say that it can come from different IP-address. It even
> specifies that the IP address can change on the fly.
Yes, I just didn't expect it to change until after the phase 1 was
complete. I.e that it would change later on.
I agree that this behaviour is acceptable. I think I'll have code tested
soon for this tonight.
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic