[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT64 and IPsec support

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: NAT64 and IPsec support
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Fri, 28 Mar 2008 21:34:49 +0100
Cc: marcelo bagnulo <marcelo@it.uc3m.es>, IPv6 Operations <v6ops@ops.ietf.org>, mcr@sandelman.ca, narten@us.ibm.com, dthaler@microsoft.com
In-reply-to: <5DF0C845-324F-41F8-838C-D92414D8AE7F@muada.com>
References: <47ED4397.10108@it.uc3m.es> <5DF0C845-324F-41F8-838C-D92414D8AE7F@muada.com>

On 28 mrt 2008, at 21:10, Iljitsch van Beijnum wrote:

Ok, this is all easy enough (and should equally apply to both tunneland transport mode), except that RFC 3948 doesn't really mentionIKE, which I think needs to be changed to support NAT64 or NAT46.Question to the IPsec experts: would it be possible to have theupdated IKE implementation on just one end (presumably the v6 end)where the other end thinks it just sees regular NAT44?

Wait: this is only an issue if the IPv6 hosts thinks it's actuallydoing v6. In that case, I don't see how IKE could work (but IKE isextremely complex and I only know how it works very superficially). Ifon the other hand the host knows it's talking to a v4 destination itcan anticipate the translation and it should probably be possible tomake things such that IKE can work the same way as though NAT44.

Follow-Ups:
- Re: NAT64 and IPsec support
  - From: Hesham Soliman <hesham@elevatemobile.com>

References:
- NAT64 and IPsec support
  - From: marcelo bagnulo <marcelo@it.uc3m.es>
- Re: NAT64 and IPsec support
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: NAT64 and DNSSec
Next by Date: Re: NAT64 and DNSSec
Previous by thread: Re: NAT64 and IPsec support
Next by thread: Re: NAT64 and IPsec support
Index(es):
- Date
- Thread