Cisco Bug: CSCvt35888 - ENH: IKEv2 NAT-T - dynamically update the address/port of the peer behind NAT

Last Modified

May 15, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

17.1.1

Description (partial)

Symptom:
This is an enhancement request to support dynamically updating the address/port of a peer behind NAT, according to RFC 4306 and later amendments RFC 5996/RFC 7296 (NAT Traversal section):

      There are cases where a NAT box decides to remove mappings that
      are still alive (for example, the keepalive interval is too long,
      or the NAT box is rebooted).  To recover in these cases, hosts
      that are not behind a NAT SHOULD send all packets (including
      retransmission packets) to the IP address and port from the last
      valid authenticated packet from the other end (i.e., dynamically
      update the address).

SHOULD means this is RECOMMENDED behavior (RFC 2119). The current implementation does not support updating the peer's IP address.

Conditions:
IKEv2 peer is behind NAT and changes IP address.
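
The update rule quoted above, as an added Python sketch; it is not Cisco's code and not part of the bug report. The packet layout, the HMAC-SHA256 stand-in for the IKEv2 integrity check, the strictly increasing message-ID check and all names and addresses are assumptions made for illustration. The local_behind_nat guard follows the same RFC section's advice that a host behind NAT should not perform this update.

```python
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 32  # HMAC-SHA256 tag length (assumed stand-in for the SA's integrity algorithm)

@dataclass
class IkeSa:
    integ_key: bytes        # hypothetical per-SA integrity key
    peer: tuple             # (ip, udp_port) that outbound packets are sent to
    local_behind_nat: bool  # NAT detection result for the local end
    last_msg_id: int = -1   # simplified freshness state (real IKEv2 uses windows)

def seal(key: bytes, msg_id: int, body: bytes) -> bytes:
    """Build a constructed test packet: msg_id || body || tag."""
    data = msg_id.to_bytes(4, "big") + body
    return data + hmac.new(key, data, hashlib.sha256).digest()

def receive(sa: IkeSa, src: tuple, packet: bytes) -> str:
    """Process one inbound packet; move the peer endpoint only when allowed."""
    if len(packet) < 4 + TAG_LEN:
        return "drop:short"
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(sa.integ_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "drop:auth"      # an unauthenticated source never moves the peer
    msg_id = int.from_bytes(data[:4], "big")
    if msg_id <= sa.last_msg_id:
        return "drop:stale"     # old packet: not the "last valid" one
    sa.last_msg_id = msg_id
    if src != sa.peer and not sa.local_behind_nat:
        sa.peer = src           # send everything, retransmissions included, here
        return "accept:peer-updated"
    return "accept"

if __name__ == "__main__":
    key = b"k" * 32                                   # constructed key
    sa = IkeSa(key, ("198.51.100.7", 4500), False)    # documentation addresses
    # The NAT box rebooted and the peer now appears from a new source port.
    print(receive(sa, ("198.51.100.7", 61022), seal(key, 0, b"dpd")), sa.peer)
```
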