>>>>> "Yaron" == Yaron Sheffer <[email protected]> writes: Yaron> There's something I'm missing here. Let's say we go for a Yaron> solution where we Yaron> fragment IKE packets into pieces of 576 bytes, at the Yaron> application level.
We need to know what problem we are in fact facing. It seems to me that the "routers" causing the problems are in fact CGN, and therefore NAT is likely involved, and so ESP-over-UDP. If we have a network where 576 byte ESP packets are required, then regardless of IKE fragmentation (or not), we have a problem to deal with at the IPsec level. -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition.
pgpYXU4jIawbV.pgp
Description: PGP signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
