|
To even know whether the packets are IPsec/IKE, it would be necessary to reassemble them. So I don't see how they could be treated differently. > Date: Fri, 8 Feb 2008 09:30:33 -0500 > From: dnelson@elbrysnetworks.com > To: bernard_aboba@hotmail.com > CC: aland@deployingradius.com; stefan.winter@restena.lu; aland@nitros9.org; radiusext@ops.ietf.org > Subject: Re: draft-winter-radsec-01 published > > Bernard Aboba wrote: > > > BTW, how does IPsec solve the fragmentation problem for RADIUS? > > Maybe it prevents the "broken" firewalls from peeking into the packets, > seeing UDP fragments, and dropping them. They skate by via means of an > IPsec pass through feature. Just a guess. > |