Re: Some IKE/NAT questions

Francis Dupont <Francis.Dupont@enst-bretagne.fr> Wed, 26 February 2003 02:07 UTC

Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA25308 for <ipsec-archive@lists.ietf.org>; Tue, 25 Feb 2003 21:07:43 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id TAA04049 Tue, 25 Feb 2003 19:18:32 -0500 (EST)
Message-Id: <200302260018.h1Q0I0of060264@givry.rennes.enst-bretagne.fr>
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
To: "Fridie, Brian" <BFridie@Datavision.com>
cc: ipsec@lists.tislabs.com
Subject: Re: Some IKE/NAT questions
In-reply-to: Your message of Tue, 25 Feb 2003 11:48:46 EST. <AB9C0F05D8932A4BB08236C968D745AA29ADD6@exchange2.rootone.datavision.com>
Date: Wed, 26 Feb 2003 01:18:00 +0100
X-Virus-Scanned: by amavisd-milter (http://amavis.org/) at enst-bretagne.fr
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

 In your previous mail you wrote:

   => we already had this discussion (port 500 or a new port).
   BTW NAT traversal has a major security problem and it is very
   fine to be able to associate port 4500 with IPsec (i.e.,
   not only IKE) with active NAT traversal.
    
   What is the major security problem?
    
=> draft-dupont-transient-pseudonat-01.txt
(the easy fix is to enable NAT traversal only when it is needed)

Regards

Francis.Dupont@enst-bretagne.fr
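The two points made above, treating port 4500 as an IPsec port rather than an IKE-only port, and enabling NAT traversal only when a NAT is actually detected, as an added example in Python. This is not code from the thread, from the cited draft, or from any IKE implementation. It follows the NAT-D detection of RFC 3947 (HASH(CKY-I | CKY-R | IP | Port), compared against the address the datagram really arrived from) and the port 4500 framing of RFC 3948 (four-byte non-ESP marker before IKE, one-byte 0xFF keepalive, otherwise ESP with its SPI first). The cookies, addresses, ports and the choice of SHA-1 as the hash are constructed assumptions.

```python
import hashlib
import ipaddress
import struct
from typing import Tuple

# Ports and framing constants from RFC 3947 / RFC 3948.
IKE_PORT = 500
NAT_T_PORT = 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # prefixes IKE on port 4500; a valid ESP SPI is never 0
NAT_KEEPALIVE = b"\xff"                # one-byte NAT keepalive datagram


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """NAT-D payload data: HASH(CKY-I | CKY-R | IP | Port).

    RFC 3947 uses the hash negotiated for the IKE SA; SHA-1 is assumed here.
    """
    addr = ipaddress.ip_address(ip).packed          # 4 or 16 bytes, network order
    return hashlib.sha1(cky_i + cky_r + addr + struct.pack("!H", port)).digest()


def peer_behind_nat(cky_i: bytes, cky_r: bytes, received_nat_d: bytes,
                    observed_ip: str, observed_port: int) -> bool:
    """True when the NAT-D hash the peer computed over its own address does not
    match a hash over the source address we actually observed, i.e. a NAT
    rewrote the address and/or port on the way."""
    return received_nat_d != nat_d_hash(cky_i, cky_r, observed_ip, observed_port)


def choose_transport(nat_present: bool) -> Tuple[int, bool]:
    """The 'enable NAT traversal only when it is needed' rule: move to port 4500
    with UDP-encapsulated ESP only if a NAT was detected, otherwise stay on
    port 500 with plain ESP."""
    return (NAT_T_PORT, True) if nat_present else (IKE_PORT, False)


def classify_port4500(datagram: bytes) -> str:
    """Demultiplex a UDP datagram received on port 4500 (RFC 3948 section 2):
    keepalive, IKE (non-ESP marker), or UDP-encapsulated ESP."""
    if datagram == NAT_KEEPALIVE:
        return "keepalive"
    if len(datagram) >= 4 and datagram[:4] == NON_ESP_MARKER:
        return "ike"
    if len(datagram) >= 8:            # SPI (4) + sequence number (4) at minimum
        return "esp"
    return "invalid"


def demo() -> dict:
    """Constructed sample exchange: cookies and addresses are made up."""
    cky_i = bytes.fromhex("0011223344556677")
    cky_r = bytes.fromhex("8899aabbccddeeff")
    # The peer hashes the private address it believes it is using ...
    peer_nat_d = nat_d_hash(cky_i, cky_r, "10.0.0.2", IKE_PORT)
    # ... but we receive the packet from a NAT's public address and a rewritten port.
    nat = peer_behind_nat(cky_i, cky_r, peer_nat_d, "203.0.113.7", 61234)
    port, encap = choose_transport(nat)
    return {"nat": nat, "port": port, "udp_encap": encap}


if __name__ == "__main__":
    print(demo())
```

With the same cookies and a matching observed address the hashes agree, `peer_behind_nat` returns False, and `choose_transport` keeps the SA on port 500 without UDP encapsulation; only a mismatch moves both IKE and ESP to port 4500, where `classify_port4500` separates the two by the non-ESP marker.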