 |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
Von: Bob Melander (KI/EAB) [mailto:bob.melander at ericsson.com]
Gesendet: Mittwoch, 21. Februar 2007 09:25
An: pana at ietf.org
Betreff: [Pana] PANA and NAT traversalI’m new to this list and I have some questions concerning PANA and NAT traversal. I've been browsing the mail archive and the current drafts but I still feel uncertain about what the status is.
What I wonder is pretty straight-forward. Is PANA applicable in the following two NAT scenarios:
1. NAT between PAA and EP
+----------+ +--------+ +----+ +-----+ +-----+
| MN (PaC) |------| Router |---------| EP |---| NAT |---| PAA |
+----------+ +--------+ +----+ +-----+ +-----+
(One or
several) .<=== Bootstrapped IPSec tunnel ===>
My understanding is that PANA should work in such a scenario (I've seen some slide set from IETF62). Correct? Any issues?
[Tschofenig, Hannes] Yes. PANA works in this case.2. NAT between PaC and EP
+----------+ +-----+ +--------+ +----+ +-----+
| MN (PaC) |------| NAT |-----| Router |---------| EP |---| PAA |
+----------+ +-----+ +--------+ +----+ +-----+
(One or
several) .<======== Bootstrapped IPSec tunnel ========>
Whether this is also supported I feel unsure about. My understanding of PANA details is not deep enough. Will PANA work here?
[Tschofenig, Hannes] PANA also works in this case. Section 6 of http://www.ietf.org/internet-drafts/draft-ietf-pana-ipsec-07.txt provides the details. The important point is that the shared secret for the IKE exchange is based on the ID_KEY_ID rather than the IP address.
If someone could provide answers to my questions I'd really appreciate it.
Ciao
Hannes
Best regards,
Bob Melander
_______________________________________________ Pana mailing list Pana at ietf.org https://www1.ietf.org/mailman/listinfo/pana