Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

2021-07-15 Thread Tobias Brunner
Hi Paul, Instead, the responder should use the port received by the responder in the IKE exchanges. Note that if these packets have random source ports, this will only work if the NAT implementation plays along or there is static port forwarding configured. NATs might filter inbound packet

[IPsec] Heads up on Netdev conf 0x15 - not too late to attend!

2021-07-15 Thread Daniel Migault
Hi, For those who are not already attending Netdev, Netdev conf 0x15 has been running since July 7 but it runs for 3 weeks but the talk sessions don't start until Monday. As usual a lot of IETF relevant talks. See: https://netdevconf.info/0x15/accepted-sessions.html The fee is USD $50. Students

Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

2021-07-15 Thread Bottorff, Paul
Hi Tobias: The ports used for IKE packets would not be randomized since IKE would not use source port for LB and so should be stable at the NAT. Cheers, Paul -----Original Message----- From: Tobias Brunner Sent: Thursday, July 15, 2021 1:36 AM To: Bottorff, Paul; Valery Smyslov; 'Tero Kiv

Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

2021-07-15 Thread Tobias Brunner
Hi Paul, The ports used for IKE packets would not be randomized since IKE would not use source port for LB and so should be stable at the NAT. I was not referring to the IKE but the ESP packets sent by the responder to the natted IKE port for LB. Wasn't that what you were proposing? Regar