Hi, Very sorry for the late reply.
We have considered roaming VPN client scenario where MOBIKE may not be required, NAT can be enabled or disabled any time due to administrative reasons. Thanks Jyothi -----Original Message----- From: IPsec [mailto:[email protected]] On Behalf Of Tero Kivinen Sent: Monday, March 30, 2015 6:46 PM To: Suram Chandra Sekhar-B38523 Cc: [email protected] Subject: [IPsec] FW: New Version Notification for draft-suram-dynamic-nat-traversal-00.txt [email protected] writes: > A new Internet Draft is posted to the working group. > The draft addresses a problem where NAT is enabled dynamically (after > IPsec SA is created) because of which traffic stops. This is already supported when MOBIKE is used, and without MOBIKE the IP-addresses cannot change, thus NAT cannot suddenly appear in the middle. Can you explain in which situations the NAT will be enbled after the IKEv2 connection has been creteated in such way that IP-addresses of both end points stay same? If the IP-addresses change, then to be able to keep the same IKEv2 connection you need to use MOBIKE and MOBIKE will already automatically enable NAT if it detects NAT while moving traffic from one IP-address to another. > The draft uses the existing IKEv2 framework (without defining any new > payloads) and maintains backward compatibility with older > implementations of IKEv2 that does not support this draft. > > We request your feedback on the same. Can you explain what is problem with the already standardized solution to this problem, and why do you think it does not solve the issue? -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
