pana-1----Page:8
1 2 3 4 5 6 7 8 9 10 11
|
NAT traversal (1/2) What happens if there is a NAT between EP and PAA? IP-Address and DI AVPs checked against IP header DI AVP: Bind DI to PANA session PaC DI is the IP address when IPsec is used. PAA delivers DI to EP. IP-Address AVP: Bind PAA IP address to PANA session If PaC IP address changes (e.g., run DHCP after PANA), PaC notifies PAA Did we really need the integrity checks? IP address theft/spoofing – IP address ownership issue PaC EP/AR NAT PAA |