Search RFCs

RFC Editor

Found 2 records.

Status:Verified (2)

RFC 4966, "Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status", July 2007

Errata ID:1306
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Brian Carpenter
Date Reported: 2008-01-29
Verifier Name: Ron Bonica
Date Verified: 2009-10-06

Throughout the document, when it says:

[RFC3498]

It should say:

[RFC3948]

Notes:

All citations of [RFC3498] are intended to be [RFC3948]

Errata ID:3142
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: David L. Black
Date Reported: 2012-02-29
Verifier Name: Ron Bonica
Date Verified: 2012-03-06

Section 2.1 says:

Unless UDP encapsulation is used for IPsec [RFC3498], traffic usingIPsec AH (Authentication Header), in transport and tunnel mode, andIPsec ESP (Encapsulating Security Payload), in transport mode, isunable to be carried through NAT-PT without terminating the securityassociations on the NAT-PT, due to their usage of cryptographicintegrity protection.

It should say:

IPsec traffic using AH (Authentication Header) [RFC4302] in bothtransport and tunnel modes cannot be carried through NAT-PT withoutterminating the security associations on the NAT-PT, due to theinclusion of IP header fields in the scope of AH's cryptographicintegrity protection [RFC3715].  In addition, IPsec traffic usingESP (Encapsulating Security Payload) [RFC4303] in transport modegenerally uses UDP encapsulation [RFC3948] for NAT traversal(including NAT-PT traversal) in order to avoid the problemsdescribed in [RFC3715].

Notes:

This RFC4966 text was copied into draft-ietf-behave-64-analysis-06.
Gen-ART review of that draft found that the statement was incorrect
for ESP. The correct explanations of the problems (in great detail)
can be found in RFC 3715.

Report New Errata