[Mobike] issue 3: nat traversal
Francis Dupont
Francis.Dupont at enst-bretagne.fr
Mon Jan 3 10:27:44 EST 2005
In your previous mail you wrote:
In the meantime, I wonder if we could get any leverage out of a "NAT expected"
bit -- carried in a secured part of the protocol. This would need to be
administratively configured. It would probably have to default to "on".
=> in fact I share your opinion with only a small difference: I'd like
to get a "NAT forbidden" bit.
If both peers have that bit cleared you would do NAT prevention; otherwise,
you would do NAT traversal if a NAT is detected.
=> NAT prevention and NAT detection are the same until there is a NAT
in the path. One is needed in mobike because as a side effect the peer
addresses are protected (because they are duplicated from the header
to the content of the IKE message).
Note the choice really exists only for the initiator, the responder always
knows when there is a NAT in the path (i.e., it is not really symmetrical).
Thanks
Francis.Dupont at enst-bretagne.fr
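
The following sketch is an added illustration and not part of the original message. It shows why NAT prevention and NAT detection are the same check, using the IKEv2 NAT_DETECTION_*_IP digest (SHA-1 over SPIs, address and port, RFC 7296 section 2.23) as the copy of the header addresses carried in the message content. The `nat_forbidden` flag and its semantics (a mismatch is rejected when the flag is set, otherwise traversal is enabled) are assumptions made for the example, as are the function names, SPIs and addresses.

```python
import hashlib
import hmac
import ipaddress
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1(SPIi | SPIr | IP | port), the data of a NAT_DETECTION_*_IP payload."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def build_payloads(spi_i, spi_r, src, dst):
    """Sender: digests of the (address, port) pairs it placed in the packet header."""
    return (nat_detection_hash(spi_i, spi_r, *src),
            nat_detection_hash(spi_i, spi_r, *dst))

def check(spi_i, spi_r, seen_src, seen_dst, payloads, nat_forbidden):
    """Receiver: recompute the digests from the header it actually received.

    A mismatch means the header was rewritten in transit (a NAT, or tampering).
    The comparison is identical in both modes; only the reaction differs.
    nat_forbidden is a hypothetical policy flag, not a defined protocol field.
    """
    src_ok = hmac.compare_digest(payloads[0],
                                 nat_detection_hash(spi_i, spi_r, *seen_src))
    dst_ok = hmac.compare_digest(payloads[1],
                                 nat_detection_hash(spi_i, spi_r, *seen_dst))
    if src_ok and dst_ok:
        return "no-nat"
    return "reject" if nat_forbidden else "nat-traversal"

# Constructed sample values (documentation address ranges, made-up SPIs).
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes(8)                      # responder SPI is zero in the first message
INITIATOR = ("192.0.2.10", 500)
RESPONDER = ("198.51.100.7", 500)
NATTED = ("203.0.113.5", 40123)       # source as rewritten by a NAT on the path

if __name__ == "__main__":
    sent = build_payloads(SPI_I, SPI_R, INITIATOR, RESPONDER)
    print(check(SPI_I, SPI_R, INITIATOR, RESPONDER, sent, nat_forbidden=True))
    print(check(SPI_I, SPI_R, NATTED, RESPONDER, sent, nat_forbidden=False))
    print(check(SPI_I, SPI_R, NATTED, RESPONDER, sent, nat_forbidden=True))
```
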