> o Implementations MUST process received UDP-encapsulated ESP packets
> even when no NAT was detected. > > o The original source and destination IP address required for the > transport mode TCP and UDP packet checksum fixup (see [UDPENCAPS]) > are obtained from the Traffic Selectors associated with the > exchange. In the case of NAT traversal, the Traffic Selectors > MUST contain exactly one IP address, which is then used as the > original IP address. Tero: Getting original source and destination IP address from the traffic selectors do not really work currently. Especially when combined with the selectors from the packet and when responder is behind nat or similar problems. Paul: Not done. Specify replacement text and discuss on the mailing list. See also Tero's mail with proposed text here: http://www.ietf.org/mail-archive/web/ipsec/current/msg04131.html
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
