"direct endpoint-to-endpoint connectivity may not be possible if both endpoints 
are NATed"

Why?  There are several protocols (SIP/RTP come to mind) that manage 
endpoint-to-endpoint connectivity even when both are behind NAT. Why shouldn't 
IPsec endpoints do this?

If this requires some new NAT traversal mechanism, perhaps using a hub gateway 
in place of the SIP SBC, then this should be part of the requirements.

This mechanism is needed even if only one endpoint is NATted, otherwise we're 
constraining who the initiator has to be.

Yoav

On Mar 21, 2012, at 3:31 AM, Stephen Hanna wrote:

> Another issue. Please comment on Suggested Resolution.
> 
> Thanks,
> 
> Steve
> 
> -----Original Message-----
> From: ipsecme issue tracker [mailto:t...@tools.ietf.org] 
> Sent: Tuesday, March 20, 2012 6:58 PM
> To: yaronf.i...@gmail.com; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org
> Subject: [ipsecme] #213: In use case 2.1, direct endpoint-to-endpoint 
> connectivity may not be possible
> 
> #213: In use case 2.1, direct endpoint-to-endpoint connectivity may not be
> possible
> 
> In use case 2.1, direct endpoint-to-endpoint connectivity may not be possible
> if both endpoints are NATed.
> 
> Suggested Resolution: Mention this in section 2.1.
> 
> -- 
> -------------------------+-------------------------------------------------
>  Reporter:              |      Owner:  draft-ietf-ipsecme-p2p-vpn-
>  yaronf.ietf@…          |  problem@…
>      Type:  defect      |     Status:  new
>  Priority:  normal      |  Milestone:
> Component:  p2p-vpn-    |   Severity:  -
>  problem                |   Keywords:
> Resolution:              |
> -------------------------+-------------------------------------------------
> 
> Ticket URL: <http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/213#comment:1>
> ipsecme <http://tools.ietf.org/ipsecme/>
> 
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
> IƧ��[�(^rC�{S�֥I�.�+r�^��

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to