I think I am completely lost with this draft.
If I have understood correctly the basic setup is:
UE -- FAP -- NAT --- SeGW --- Mobile network
       ^      ^
       |      \--- Public IP+Port
       \-- Private IP
and the problem is that the Mobile network needs to know the Public
IP+Port assigned by the NAT.
It seems to say:
1) SeGW has this information but it cannot pass it forward
2) Reason being that there is no justification to require
FAP specific changes in SeGW
3) And it is outside the scope of this document to add an interface
which could be used to pass the SeGW's knowledge forward
4) I.e. SeGW cannot be modified
and this draft tries to fix this by
1) Modify the SeGW to support completely new configuration payload
attribute
2) Send this Public IP + Port inside that configuration payload
attribute to FAP
3) FAP then probably sends it forward to the other side of the SeGW?
I should point out that quite a few of the security gateways already
have ways to find out the public IP address+port of the IKE peer, just
because it is usually needed for statistics.
Why do you think security gateway vendors would add support for this
very FAP-specific feature, and not add the much more commonly usable
feature of getting information and statistics about the existing IKE
and IPsec SAs?
I think it would be much better to write a document which documents
what kind of API is wanted from the SeGW to get this information (and
that document does not need to be an IETF document).
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
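As an added illustration (not part of the post above or of any IETF draft), the check below shows how an IKEv2 responder such as a SeGW already learns the NAT-translated public IP and port of its peer from what it sees on the wire: it recomputes the NAT_DETECTION_SOURCE_IP digest defined in RFC 7296 section 2.23 (SHA-1 over SPIi, SPIr, IP address and port) for the source address the packet actually arrived from and compares it with the digest the initiator sent. The SPIs, addresses and ports are constructed sample values; the function names are my own.

```python
import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """RFC 7296 section 2.23: SHA-1 of SPIi | SPIr | IP address | port.

    The IP address is packed as 4 (IPv4) or 16 (IPv6) bytes, the port as a
    2-byte big-endian integer. In the initiator's IKE_SA_INIT request the
    responder SPI is still all zeros.
    """
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKEv2 SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def responder_nat_check(spi_i: bytes, spi_r: bytes, claimed_source_hash: bytes,
                        observed_ip: str, observed_port: int) -> dict:
    """Responder-side view: compare the initiator's claimed source digest with
    the digest of the address:port the packet really came from.

    A mismatch means the initiator's packet was translated on the way, i.e.
    the peer is behind a NAT, and observed_ip:observed_port is precisely the
    public IP+port the post says the SeGW already knows.
    """
    observed_hash = nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)
    return {
        "behind_nat": observed_hash != claimed_source_hash,
        "public_ip": observed_ip,
        "public_port": observed_port,
    }


# Constructed sample values (not from any real capture).
SPI_I = bytes.fromhex("0011223344556677")
SPI_R_UNKNOWN = bytes(8)          # responder SPI is zero in the first request
FAP_PRIVATE_IP, FAP_PRIVATE_PORT = "10.0.0.5", 500       # what the FAP sees
NAT_PUBLIC_IP, NAT_PUBLIC_PORT = "203.0.113.7", 40123    # what the SeGW sees


def natted_example() -> dict:
    """FAP behind a NAT: the digest it computed over its private address does
    not match the digest of the translated source address."""
    claimed = nat_detection_hash(SPI_I, SPI_R_UNKNOWN, FAP_PRIVATE_IP, FAP_PRIVATE_PORT)
    return responder_nat_check(SPI_I, SPI_R_UNKNOWN, claimed, NAT_PUBLIC_IP, NAT_PUBLIC_PORT)


def direct_example() -> dict:
    """Same FAP with no NAT in the path: digests agree, no translation seen."""
    claimed = nat_detection_hash(SPI_I, SPI_R_UNKNOWN, FAP_PRIVATE_IP, FAP_PRIVATE_PORT)
    return responder_nat_check(SPI_I, SPI_R_UNKNOWN, claimed, FAP_PRIVATE_IP, FAP_PRIVATE_PORT)


if __name__ == "__main__":
    print("NAT in path :", natted_example())
    print("no NAT      :", direct_example())
```

The point of the example is the one made in the post: the responder needs no new configuration payload attribute to obtain the public IP+port, because the comparison it must already perform for NAT traversal hands it that address directly; what is missing is only an interface (a management or statistics API) to export it.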