Hi Paul,
The ports used for IKE packets would not be randomized since IKE would not use source port for LB and so should be stable at the NAT.
I was not referring to the IKE but the ESP packets sent by the responder to the natted IKE port for LB. Wasn't that what you were proposing?
Regards, Tobias _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
