About UDP Encapsulation of IPsec Packets
Jerry Yao <jerryyao@mail.jl.cn> Mon, 22 April 2002 08:14 UTC
Date: Mon, 22 Apr 2002 15:20:59 +0800
From: Jerry Yao <jerryyao@mail.jl.cn>
Subject: About UDP Encapsulation of IPsec Packets
To: ipsec@lists.tislabs.com
I read the IETF draft "UDP Encapsulation of IPsec Packets" and I have a question about it.
If I receive a packet from the communication peer who is behind NAT, and the packet is Transport Mode ESP Encapsulation:
-------------------------------------------------------------------
IPv4 |orig IP hdr  | UDP | Non- | ESP |     |      |   ESP   | ESP|
     |(any options)| Hdr | IKE  | Hdr | TCP | Data | Trailer |Auth|
-------------------------------------------------------------------
                                      |<----- encrypted ---->|
                                |<------ authenticated ----->|
Now I don't know the original IP address of the communication peer. How can I locate the corresponding SA to decrypt or authenticate the ESP packet?
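
Added example, not part of the original message or of the draft: a parser for the packet layout shown above, followed by an inbound SA lookup keyed on (SPI, destination address, protocol) as in RFC 2401, which does not use the sender's source address. The 8-byte all-zero Non-IKE marker, UDP port 500, the dict-based SAD, and all addresses, ports and SPI values are assumptions or constructed sample data.

```python
import struct

NON_IKE_MARKER = b"\x00" * 8  # assumption: 8 zero bytes, where an IKE cookie would sit
ESP_PROTO = 50                # IP protocol number for ESP

def parse_udp_encap_esp(udp_datagram: bytes) -> dict:
    """Parse UDP header + Non-IKE marker + ESP header from one UDP datagram."""
    if len(udp_datagram) < 8 + len(NON_IKE_MARKER) + 8:
        raise ValueError("too short for UDP + marker + ESP header")
    sport, dport, length, _cksum = struct.unpack("!HHHH", udp_datagram[:8])
    if length != len(udp_datagram):
        raise ValueError("UDP length field does not match datagram size")
    payload = udp_datagram[8:]
    if not payload.startswith(NON_IKE_MARKER):
        raise ValueError("no Non-IKE marker: hand the packet to IKE, not ESP")
    esp = payload[len(NON_IKE_MARKER):]
    spi, seq = struct.unpack("!II", esp[:8])
    if spi < 256:
        raise ValueError("SPI values 0-255 are reserved")
    return {"sport": sport, "dport": dport, "spi": spi, "seq": seq,
            "body": esp[8:]}  # body = encrypted payload + trailer + ICV

def find_inbound_sa(sad: dict, local_addr: str, pkt: dict):
    """Inbound lookup: the key holds no source address, so NAT does not matter."""
    return sad.get((pkt["spi"], local_addr, ESP_PROTO))

def build_sample(spi: int, seq: int, body: bytes, sport: int, dport: int = 500) -> bytes:
    """Build a constructed test datagram in the layout from the diagram."""
    payload = NON_IKE_MARKER + struct.pack("!II", spi, seq) + body
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed sample data (hypothetical SA database and packet).
SAD = {(0x1234ABCD, "192.0.2.10", ESP_PROTO): {"name": "sa-peer-behind-nat"}}
SAMPLE = build_sample(0x1234ABCD, 7, b"\xaa" * 16, sport=4501)

if __name__ == "__main__":
    pkt = parse_udp_encap_esp(SAMPLE)
    print(hex(pkt["spi"]), pkt["seq"], find_inbound_sa(SAD, "192.0.2.10", pkt))
```
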