How Both IPSec Ends Perform NAT-T Detection?

administrator
Post time 2017-5-4 20:16:18
How Both IPSec Ends Perform NAT-T Detection?
administrator
Author | Post time 2017-5-4 20:17:55
NAT-T detection is performed in the first phase of IKE negotiation and is completed using the first and second packets in the first phase. The vendor ID payload is added to packets. According to RFC 3947, it is converted into a value in hexadecimal notation by using the hash algorithm: vendor_id=0x4a 0x13 0x1c 0x81 0x7 0x3 0x58 0x45 0x5c 0x57 0x28 0xf2 0xe 0x95 0x45 0x2f. The value is consistent in the first and second packets and is used to detect whether the peer end supports NAT-T.


Run the debug cry isakmp command during negotiation. The displayed packet carries vendor_id. Use a tool to capture packets. The vendor ID is carried in IKE packets, as shown in the following figure.




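An added example, not part of the original posts: the vendor ID quoted in the answer is the MD5 digest of the string "RFC 3947", and the Python sketch below walks the payload chain of an unencrypted IKEv1 message (the first or second Phase 1 packet) to check whether it carries that Vendor ID payload. The function names and the sample message built by `build_sample` are constructed for illustration; the stub SA payload is not a valid proposal and the cookie bytes are placeholders.

```python
import hashlib
import struct

# RFC 3947 NAT-T vendor ID: the MD5 digest of the ASCII string "RFC 3947".
NAT_T_VID = hashlib.md5(b"RFC 3947").digest()
VENDOR_ID = 13   # ISAKMP payload type for Vendor ID (RFC 2408)
HEADER_LEN = 28  # fixed ISAKMP header size


def vendor_ids(packet):
    """Return the body of every Vendor ID payload in an unencrypted ISAKMP message."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than an ISAKMP header")
    next_payload = packet[16]  # type of the first payload after the header
    (total,) = struct.unpack("!I", packet[24:28])
    if total < HEADER_LEN or total > len(packet):
        raise ValueError("length field does not match captured data")
    found, offset = [], HEADER_LEN
    while next_payload != 0:
        if offset + 4 > total:
            raise ValueError("payload chain runs past end of message")
        # Generic payload header: next payload, reserved, payload length.
        following, _, plen = struct.unpack("!BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > total:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID:
            found.append(packet[offset + 4:offset + plen])
        next_payload, offset = following, offset + plen
    return found


def peer_supports_nat_t(packet):
    return NAT_T_VID in vendor_ids(packet)


def build_sample(vids):
    """Constructed Main Mode message: header, stub SA payload, then Vendor IDs."""
    bodies = [(1, b"\x00" * 8)] + [(VENDOR_ID, v) for v in vids]
    payloads = b""
    for i, (_, body) in enumerate(bodies):
        nxt = bodies[i + 1][0] if i + 1 < len(bodies) else 0
        payloads += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    header = b"\x11" * 8 + b"\x00" * 8 + struct.pack(
        "!BBBBII", bodies[0][0], 0x10, 2, 0, 0, HEADER_LEN + len(payloads))
    return header + payloads


if __name__ == "__main__":
    print(NAT_T_VID.hex())
    print(peer_supports_nat_t(build_sample([b"\xaa" * 16, NAT_T_VID])))
```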