Both TCP & UDP checksum use pseudo header which include source and destination address.
In transport mode, there is only one IP header. If source or destination IP is changed by NAT, the TCP/UDP checksum in IPSec data needs to be updated, or the L4 integrity check will fail
Refer to NAT-Traversal
http://mkl-note.blogspot.tw/2011/12/nat-traversal.html
2012年8月7日 星期二
IPSec transport inbound with NAT-T enabled need to update TCP/UDP checksum
訂閱:
張貼留言 (Atom)
沒有留言:
張貼留言