>>>>> "Yaron" == Yaron Sheffer <[email protected]> writes:

    Yaron> I don't want to speak for MCR, but I think you are taking his
    Yaron> question too far towards the implementation aspects. What I
    Yaron> read in the question is, do we allow for a situation where
    Yaron> (by policy and/or because of limitations in the solution) an
    Yaron> endpoint cannot connect directly to the ultimate peer, but
    Yaron> needs instead to go through some sort of relay.

You didn't take my comments too far; I think you realized that I was in
fact saying two things:

1) when traffic is redirected, MUST it be redirected directly to the real
   endpoint? (There might be issues of in-band double NAT that matter if
   the traffic doesn't get all the way there... I dunno, IPv6 RFC6145 is
   my answer to double NAT)

2) when traffic is redirected, MAY it be redirected more than once?

-- 
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
