Firewall state assumes that all packets in a stream will have the same address. Change the address after state is established and see if the packet gets forwarded by the router.
Tony > -----Original Message----- > From: Brian E Carpenter [mailto:[email protected]] > Sent: Wednesday, January 28, 2009 2:52 PM > To: [email protected] > Cc: 'Fred Baker'; 'Christian Huitema'; 'Margaret Wasserman'; > [email protected]; 'Magnus Westerlund' > Subject: Clarification re shim6 [Re: [nat66] Preliminary BOF Request] > > On 2009-01-29 07:41, Tony Hain wrote: > ... > > Shim6 was DOA, because it inherently breaks what little security > > architecture there is > > It doesn't break IPsec. Can you clarify what you believe it breaks? > > Brian _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
