[2.23, NAT Traversal] > o Implementations MUST process received UDP-encapsulated ESP packets
> even when no NAT was detected.
>
> o The original source and destination IP address required for the
> transport mode TCP and UDP packet checksum fixup (see [UDPENCAPS])
> are obtained from the Traffic Selectors associated with the
> exchange. In the case of NAT traversal, the Traffic Selectors
> MUST contain exactly one IP address, which is then used as the
> original IP address.
Tero:
Getting original source and destination IP address from the traffic
selectors do not really work currently. Especially when combined with
the selectors from the packet and when responder is behind nat or
similar problems.
Paul: Not done. Specify replacement text and discuss on the mailing list.
People who care about Transport Mode are requested to help resolve this NAT
Traversal issue.
Thanks,
Yaron
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
