Yaron Sheffer writes:
> [2.23, NAT Traversal]
> >     o  Implementations MUST process received UDP-encapsulated ESP packets
> >        even when no NAT was detected.
> > 
> >     o  The original source and destination IP address required for the
> >        transport mode TCP and UDP packet checksum fixup (see [UDPENCAPS])
> >        are obtained from the Traffic Selectors associated with the
> >        exchange.  In the case of NAT traversal, the Traffic Selectors
> >        MUST contain exactly one IP address, which is then used as the
> >        original IP address.
>  
> Tero:
>  
> Getting original source and destination IP address from the traffic
> selectors does not really work currently. Especially when combined with
> the selectors from the packet and when responder is behind NAT or
> similar problems.
>  
> Paul: Not done. Specify replacement text and discuss on the mailing list.
>  
> People who care about Transport Mode are requested to help resolve this NAT
> Traversal issue.

I wrote a better long description of the problem, and also proposed
solution text, on 2009-04-07:
http://www.ietf.org/mail-archive/web/ipsec/current/msg04131.html
-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
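
The checksum fixup that the quoted section 2.23 text refers to, as an added example that is not part of the original message or of any IPsec implementation: a TCP checksum computed over the sender's original address stops verifying once a NAT has rewritten the source, and the receiver repairs it incrementally (RFC 1624) from the original address. It assumes IPv4, a constructed segment and constructed addresses, and takes the original source as the single address the draft text says the Traffic Selector contains.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data (zero-padded to even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, proto, length))

def l4_checksum(src, dst, proto, segment: bytes) -> int:
    """Full checksum; the checksum field inside segment must be zero."""
    return ~ones_sum(pseudo_header(src, dst, proto, len(segment)) + segment) & 0xFFFF

def verifies(src, dst, proto, segment: bytes) -> bool:
    """A valid segment sums to 0xFFFF together with its pseudo-header."""
    return ones_sum(pseudo_header(src, dst, proto, len(segment)) + segment) == 0xFFFF

def fixup(checksum: int, orig_addrs, seen_addrs) -> int:
    """RFC 1624 eqn 3: HC' = ~(~HC + ~m + m'), m = original, m' = seen addresses."""
    old = b"".join(ipaddress.IPv4Address(a).packed for a in orig_addrs)
    new = b"".join(ipaddress.IPv4Address(a).packed for a in seen_addrs)
    acc = ones_sum(struct.pack("!H", ~checksum & 0xFFFF)
                   + bytes(b ^ 0xFF for b in old) + new)
    return ~acc & 0xFFFF

def demo():
    # Constructed addresses: private initiator, its NAT-mapped address, responder.
    orig_src, nat_src, dst = "10.0.0.5", "198.51.100.7", "192.0.2.10"
    # Constructed TCP header (PSH|ACK, checksum field zero) plus payload.
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    seg = hdr + b"hello"
    csum = l4_checksum(orig_src, dst, 6, seg)              # sender's view
    sent = seg[:16] + struct.pack("!H", csum) + seg[18:]
    before = verifies(nat_src, dst, 6, sent)               # receiver's view after NAT
    fixed = fixup(csum, [orig_src], [nat_src])             # needs the original address
    repaired = sent[:16] + struct.pack("!H", fixed) + sent[18:]
    return before, verifies(nat_src, dst, 6, repaired), fixed

if __name__ == "__main__":
    print(demo())
```
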
