Hi Konstantin, > Hi, > > Adding lookaside IPsec UDP encapsulation support > > for NAT traversal. > > Added --udp-encap option for application to specify > > if UDP encapsulation need to be enabled. > > Example secgw command with UDP encapsultation enabled: > > <secgw> -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap > > Can we have it not as global, but a per SA option? > Add new keyword for SA/SP into ipsec-secgw config file, etc. > Konstantin >
Any specific reason to make udp_encap as per SA? UDP encapsulation is a feature which I believe should be application vide. If it supports the feature it should be enabled for all SAs when the UDP port is 4500 which is reserved for it. Regards, Akhil