Hi Bob, 
 
thanks for your question. See my response inline: 
 

________________________________

        From: Bob Melander (KI/EAB) [mailto:[EMAIL PROTECTED] 
        Sent: Wednesday, 21 February 2007 09:25
        To: [email protected]
        Subject: [Pana] PANA and NAT traversal
        
        

        I'm new to this list and I have some questions concerning PANA
and NAT traversal. I've been browsing the mail archive and the current
drafts but I still feel uncertain about what the status is.

        What I wonder is pretty straight-forward. Is PANA applicable in
the following two NAT scenarios: 

        1. NAT between PAA and EP 

        +----------+      +--------+         +----+   +-----+   +-----+
        | MN (PaC) |------| Router |---------| EP |---| NAT |---| PAA |
        +----------+      +--------+         +----+   +-----+   +-----+
                           (One or
                            several)

             <=== Bootstrapped IPSec tunnel ===>

        My understanding is that PANA should work in such a scenario
(I've seen some slide set from IETF62). Correct? Any issues?

        
        [Tschofenig, Hannes] Yes. PANA works in this case.
         
        
        

        2. NAT between PaC and EP 

        +----------+      +-----+     +--------+         +----+   +-----+
        | MN (PaC) |------| NAT |-----| Router |---------| EP |---| PAA |
        +----------+      +-----+     +--------+         +----+   +-----+
                                       (One or
                                        several)

               <======== Bootstrapped IPSec tunnel ========>

        Whether this is also supported I feel unsure about. My
understanding of PANA details is not deep enough. Will PANA work here?

        
        [Tschofenig, Hannes]  PANA also works in this case. Section 6 of
http://www.ietf.org/internet-drafts/draft-ietf-pana-ipsec-07.txt
provides the details. The important point is that the shared secret for
the IKE exchange is based on the ID_KEY_ID rather than the IP address. 
        
         

        If someone could provide answers to my questions I'd really
appreciate it. 

        
         

        Ciao

        Hannes

         

         

         Best regards, 

        Bob Melander 




_______________________________________________
Pana mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/pana
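
Added example, not part of the original thread or of the draft: it contrasts pre-shared-key selection by source address with selection by the ID_KEY_ID identification payload (type 11, RFC 2407 section 4.6.2) when a NAT sits between PaC and EP. The table layout, function names, addresses and key-ID bytes are constructed assumptions.

```python
import struct

ID_IPV4_ADDR = 1   # IPsec DOI identification types, RFC 2407 section 4.6.2.1
ID_KEY_ID = 11
# next payload, reserved, length, ID type, protocol ID, port
HDR = struct.Struct("!BBHBBH")

def build_id_payload(id_type: int, data: bytes) -> bytes:
    """Encode an IKEv1 Identification payload (RFC 2407 section 4.6.2)."""
    return HDR.pack(0, 0, HDR.size + len(data), id_type, 0, 0) + data

def parse_id_payload(buf: bytes):
    """Return (id_type, identification_data), rejecting bad lengths."""
    if len(buf) < HDR.size:
        raise ValueError("truncated ID payload")
    _next, _rsvd, length, id_type, _proto, _port = HDR.unpack_from(buf)
    if length < HDR.size or length > len(buf):
        raise ValueError("payload length field out of range")
    return id_type, buf[HDR.size:length]

def psk_by_source_address(src_ip: str, table: dict):
    """Address-keyed selection: depends on the address the EP sees."""
    return table.get(src_ip)

def psk_by_key_id(id_payload: bytes, table: dict):
    """Identity-keyed selection: depends only on the ID_KEY_ID contents."""
    id_type, data = parse_id_payload(id_payload)
    if id_type != ID_KEY_ID:
        return None
    return table.get(data)

def demo():
    # Constructed sample values (assumptions, not taken from the draft).
    key_id = b"constructed-pana-session-key-id"
    psk = b"constructed-shared-secret"
    pac_private_ip = "10.0.0.5"    # address the PaC actually has
    nat_public_ip = "192.0.2.10"   # address the EP sees after translation
    by_ip = {pac_private_ip: psk}
    by_id = {key_id: psk}
    payload = build_id_payload(ID_KEY_ID, key_id)
    # Address lookup misses behind the NAT; the ID_KEY_ID lookup still hits.
    return (psk_by_source_address(nat_public_ip, by_ip),
            psk_by_key_id(payload, by_id))

if __name__ == "__main__":
    print(demo())
```
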
