Roaming user is behind the edge router. Control of issuing address is in edge router. Edge router may issue a public IP when NAT is not configured, later NAT configured, but IP is not changed immediately.
Thanks
Jyothi

-----Original Message-----
From: Tero Kivinen [mailto:[email protected]]
Sent: Tuesday, April 07, 2015 2:34 PM
To: Vemulapalli Jyothi-B37784
Cc: Suram Chandra Sekhar-B38523; [email protected]
Subject: RE: [IPsec] FW: New Version Notification for draft-suram-dynamic-nat-traversal-00.txt

[email protected] writes:
> Hi,
>
> Very sorry for the late reply.
>
> We have considered roaming VPN client scenario where MOBIKE may not be
> required,

So you do not want to implement already standardized protocol to solve
the issue, and want to create new extension to solve partial issue?

> NAT can be enabled or disabled any time due to administrative reasons.

And how is that supposed to work? If I have network described in the
draft:

   +-+-+-+-+     +-+-+-+-+  IPsec   +-+-+-+-+
   |Roaming|     |Edge   |  tunnel  |Corp   |     Protected
   | User  |<--->|Router |<========>|Gateway|<--> network
   +-+-+-+-+     +-+-+-+-+          +-+-+-+-+
       198.      198.  130.         133.
        51.       51.  233.          42.
       100.      100.  208.          11.
        22         1     1            1

I.e. Roaming user has public IP-address of 192.51.100.22, and its
default gateway is 192.51.100.1, and it uses that to connect to the
corporate gateway at ip-address 133.42.11.1.

The roaming user already has public routable IP-address which it can
use to connect to internet. What benefits you get by suddenly NAT:ing
it to some other public routable IP-address?

The normal reason for NAT is to provide ability to have multiple users
sharing the same IP address, but if roaming user already has public
routable IP-address, there is no need for that.

I do not really see what you are trying to do here, what is the reason
for this, and why it would ever be useful to add NAT for public
routable IP-address because of some administrative reasons? I.e. what
are those administrative reasons?
In normal case when you add NAT there in the middle, the roaming user
will lose its public IP-address, and then network will then be:

   +-+-+-+-+     +-+-+-+-+  IPsec   +-+-+-+-+
   |Roaming|     |Edge   |  tunnel  |Corp   |     Protected
   | User  |<--->|Router |<========>|Gateway|<--> network
   +-+-+-+-+     +-+-+-+-+          +-+-+-+-+
        10.       10.  130.         133.
         1.        1.  233.          42.
         1.        1.  208.          11.
        22         1     1            1

and that is again the case which MOBIKE was specified to solve.
-- 
[email protected]

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
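
Added example, not part of the thread or of the draft: how an IKEv2 peer notices a NAT on the path, using the NAT_DETECTION_SOURCE_IP digest that RFC 7296 (section 2.23) defines, applied to the three situations discussed above. The SPIs and ports are constructed sample values, the helper names are hypothetical, and the addresses are the ones in the diagrams.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296, section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed      # 4 octets IPv4, 16 octets IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def nat_in_path(spi_i, spi_r, claimed_hash, observed_ip, observed_port) -> bool:
    """Receiver side: True when the source the sender hashed into
    NAT_DETECTION_SOURCE_IP differs from the source the packet arrived from."""
    return claimed_hash != nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)

# Constructed sample values (not taken from any real exchange).
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes.fromhex("1112131415161718")

def check(client_ip, client_port, seen_ip, seen_port) -> bool:
    # The client hashes its own local address and port into the payload ...
    payload = nat_detection_hash(SPI_I, SPI_R, client_ip, client_port)
    # ... and the gateway compares it with what it saw on the wire.
    return nat_in_path(SPI_I, SPI_R, payload, seen_ip, seen_port)

def scenarios() -> dict:
    return {
        # First diagram: public address, edge router only forwards.
        "public_no_nat": check("198.51.100.22", 500, "198.51.100.22", 500),
        # Case from the reply at the top: client keeps its public address,
        # but the edge router has started translating it.
        "public_then_nat": check("198.51.100.22", 500, "130.233.208.1", 500),
        # Second diagram: client has a private address behind the NAT
        # (translated source port 1024 is an assumption).
        "private_behind_nat": check("10.1.1.22", 500, "130.233.208.1", 1024),
    }

if __name__ == "__main__":
    for name, natted in scenarios().items():
        print(f"{name:20s} NAT detected: {natted}")
```

The digest only reveals a NAT when the notification is actually exchanged, so a translation that appears after the initial exchange goes unnoticed until the peers run the check again.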
