mobike-3----Page:12
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
|
Combined NAT-T and MOBIKE With combined NAT-T and MOBIKE protocol we have some more questions: Do we only allow NAT to appear only when IP-address or link status changes? Do we want to switch back from the NAT-T to MOBIKE Save bandwidth (no UDP encapsulation) Better protection against 3rd party bombing Attacker can force as to use NAT-T before attacking We need to define our own NAT-T (or modify IKEv2), as IKEv2 NAT-T isn't enough for us Can only be enabled in the beginning Implicit address update is not mandatory Return routability checks not mandatory No detection of NAT disappearing |