Hi, A new Internet Draft is posted to the working group. The draft addresses a problem where NAT is enabled dynamically (after IPsec SA is created) because of which traffic stops. The draft uses the existing IKEv2 framework (without defining any new payloads) and maintains backward compatibility with older implementations of IKEv2 that does not support this draft.
We request your feedback on the same. Thanking you. Regards suram -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, March 25, 2015 10:08 PM To: Batchu Rampullaiah-B38526; Vemulapalli Jyothi-B37784; Batchu Rampullaiah-B38526; Suram Chandra Sekhar-B38523; Vemulapalli Jyothi-B37784; Suram Chandra Sekhar-B38523 Subject: New Version Notification for draft-suram-dynamic-nat-traversal-00.txt A new version of I-D, draft-suram-dynamic-nat-traversal-00.txt has been successfully submitted by Suram Chandra Sekhar and posted to the IETF repository. Name: draft-suram-dynamic-nat-traversal Revision: 00 Title: IPsec traversal in Dynamic NAT Document date: 2015-03-25 Group: Individual Submission Pages: 6 URL: http://www.ietf.org/internet-drafts/draft-suram-dynamic-nat-traversal-00.txt Status: https://datatracker.ietf.org/doc/draft-suram-dynamic-nat-traversal/ Htmlized: http://tools.ietf.org/html/draft-suram-dynamic-nat-traversal-00 Abstract: NAT can be enabled on a Security Gateway by administrator at any point of time. This can be called as Dynamic NAT. The existing IKEv2 RFC does not address the scenario of NAT being enabled on a security gateway after IKEv2 negotiation. In such a scenario, traffic sent over the IPsec SA will either be dropped or does not reach the peer security gateway. This document defines a method to ensure that IPsec traffic flow seamlessly in such a scenario. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
