
Negotiation of NAT-Traversal in the IKE (RFC3947)

IP.com Disclosure Number: IPCOM000033926D
Original Publication Date: 2005-Jan-01
Included in the Prior Art Database: 2005-Jan-05
Document File: 17 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

T. Kivinen: AUTHOR [+4]

Abstract

This document describes how to detect one or more network address translation devices (NATs) between IPsec hosts, and how to negotiate the use of UDP encapsulation of IPsec packets through NAT boxes in Internet Key Exchange (IKE).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group                                         T. Kivinen
Request for Comments: 3947                                       SafeNet
Category: Standards Track                                     B. Swander
                                                               Microsoft
                                                             A. Huttunen
                                                    F-Secure Corporation
                                                                V. Volpe
                                                           Cisco Systems
                                                            January 2005

                Negotiation of NAT-Traversal in the IKE

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes how to detect one or more network address
   translation devices (NATs) between IPsec hosts, and how to negotiate
   the use of UDP encapsulation of IPsec packets through NAT boxes in
   Internet Key Exchange (IKE).

Kivinen, et al.             Standards Track                     [Page 1]

RFC 3947        Negotiation of NAT-Traversal in the IKE     January 2005

Table of Contents

   1.  Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . 2
   2.  Specification of Requirements . . . . . . . . . . . . . . . . . 3
   3.  Phase 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
       3.1.  Detecting Support of NAT-Traversal. . . . . . . . . . . . 4
       3.2.  Detecting the Presence of NAT . . . . . . . . . . . . . . 4
   4.  Changing to New Ports . . . . . . . . . . . . . . . . . . . . . 6
   5.  Quick Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . 8
       5.1.  Negotiation of the NAT-Traversal Encapsulation. . . . . . 9
       5.2.  Sending the Original Source and Destination Addresses . . 9
   6.  Initial Contact Notifications. . . . . . . . . . . . . . . . . 11
   7.  Recovering from the Expiring NAT Mappings. . . . . . . . . . . 11
   8.  Security Consideration...