[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT64 and IPsec support



On 28 mrt 2008, at 21:10, Iljitsch van Beijnum wrote:

Ok, this is all easy enough (and should equally apply to both tunnel and transport mode), except that RFC 3948 doesn't really mention IKE, which I think needs to be changed to support NAT64 or NAT46. Question to the IPsec experts: would it be possible to have the updated IKE implementation on just one end (presumably the v6 end) where the other end thinks it just sees regular NAT44?

Wait: this is only an issue if the IPv6 hosts thinks it's actually doing v6. In that case, I don't see how IKE could work (but IKE is extremely complex and I only know how it works very superficially). If on the other hand the host knows it's talking to a v4 destination it can anticipate the translation and it should probably be possible to make things such that IKE can work the same way as though NAT44.