[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT64 and IPsec support
However, i am not so clear about the tunnel mode.
In tunnel mode, we have two IP headers and the NAT64 will only
translate one of them (by default, if we don't do anything special
so, the problem, is that even if the outside IP header is
translated with the NAT64 box, the inner header remains in the
original IP version, so i am wondering if this doesn't present
additionla difficulties. The option is to translate both headers,
=> But how can you translate the inner header if it's covered with
ESP? You can't see the inner header at all.
but this again will be different than the IPv4 NAT case, since the
inner header in the IPv4 NAT case remains unchanged, while we would
be changing it in this case. So i am finding that the tunnel mode
wouldn't be so directly supported using the IPv4 NAT traversal
techniques for IPSec.
However, i am not an expert on this, so i may get this completelly
wrong. any guidance on this would be appreciated