On Wednesday 05 June 2002 23:01, Steven Peck wrote: > I believe this is it. <snip> > In brief, it appears to be a way to establish secure end to end > communications across NAT and the Internet specificcaly using the > UPnP standard proposed by Intel.
Though SSH doesn't come out and say this, they are basically the same idea. NAT causes problems with multiple clients doing the *same* thing at the same time. Say like multiple IPSec connections on port 500 leaving the NAT'ed Gateway. What is proposed here is a Nat-D type added to the approved header method (tunnel and transports are the current standard types). The Nat-D header would indicate the presence of a second added header that includes the port number used by the machine requesting the service (IPSec for instance). With this NAT'ed port information added to the packet payload, the gateway(s) will be able to indentify and decode the second header and send it to the exact machine that requested the information (identified by the port the connection was initialized on). Although this may not be the best method proposed to deal with NAT, this is a very easy method to implement and will work on all NAT and Proxy machines that will support identification and routing suggested in the docs. In special cases such as the iSCSI network storage devices, this can be built directly into the device driver eliminating the need for encryption by a processor because it is "built" into the device (driver) itself. What advantage it would give to us at this time would amount to faster thoroughput times and automatic resetting of dropped tunnels, assuming that FreeS/WAN supports the changes in any case. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel