2007/449 Detangle IPsec NAT Traversal
James Carlson
james.d.carlson at Sun.COM
Fri Aug 3 10:07:52 PDT 2007
Dan McDonald writes:
> It doesn't. The socket, if so marked, merely allows the shuffling-off of
> ESP-in-UDP for datagrams that hit that socket.
>
> It's up to Key Management (e.g. IKE) to pin these sockets up. And usually
> the KM traffic uses the 0-SPI value with its peer.
Ah, that's the bit I needed to understand, thanks. I was expecting a
closer tie here.
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
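The demultiplexing step described in the quoted text, as an added example that is not part of this thread or of the Solaris source: a classifier for UDP payloads arriving on a NAT-T-marked socket, which separates Key Management traffic (0-SPI prefix) from ESP-in-UDP. The byte layout assumed is that of RFC 3948 (one-octet 0xFF keepalive, four zero octets ahead of KM messages); `natt_classify`, the enum names and the sample datagrams are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum natt_kind {
    NATT_KEEPALIVE,  /* single 0xFF octet: drop silently */
    NATT_KEY_MGMT,   /* 0-SPI prefix: deliver to the KM daemon on this socket */
    NATT_ESP,        /* non-zero SPI: shuffle off to ESP processing */
    NATT_MALFORMED   /* too short to be any of the above: drop */
};

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_keepalive[] = { 0xFF };
static const uint8_t sample_km[]  = { 0, 0, 0, 0, 0x11, 0x11, 0x11, 0x11 };
static const uint8_t sample_esp[] = { 0xC0, 0xFF, 0xEE, 0x01, 0, 0, 0, 1, 0xAA, 0xBB };

/*
 * Classify one UDP payload. On NATT_KEY_MGMT, *km_off is the offset of the
 * KM message after the 0-SPI prefix. On NATT_ESP, *spi is the SPI in host order.
 */
enum natt_kind natt_classify(const uint8_t *p, size_t len, size_t *km_off, uint32_t *spi)
{
    static const uint8_t zero_spi[4] = { 0, 0, 0, 0 };

    *km_off = 0;
    *spi = 0;
    if (len == 1 && p[0] == 0xFF)
        return NATT_KEEPALIVE;
    if (len < 4)
        return NATT_MALFORMED;
    if (memcmp(p, zero_spi, sizeof zero_spi) == 0) {
        if (len == 4)
            return NATT_MALFORMED;   /* prefix with no KM message behind it */
        *km_off = 4;
        return NATT_KEY_MGMT;
    }
    if (len < 8)
        return NATT_MALFORMED;       /* ESP needs at least SPI + sequence number */
    *spi = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    return NATT_ESP;
}

int main(void)
{
    size_t off;
    uint32_t spi;
    printf("keepalive -> %d\n", natt_classify(sample_keepalive, sizeof sample_keepalive, &off, &spi));
    printf("km        -> %d\n", natt_classify(sample_km, sizeof sample_km, &off, &spi));
    printf("esp       -> %d\n", natt_classify(sample_esp, sizeof sample_esp, &off, &spi));
    return 0;
}
```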