Cisco Bug: CSCvt35888 - ENH: IKEv2 NAT-T - dynamically update the address/port of the peer behind NAT
May 15, 2020
- Cisco IOS
Known Affected Releases
Symptom: This is an enhancement request to support dynamic update of the address/port of the peer behind NAT, according to RFC4306 and its later amendments RFC5996/RFC7296 (NAT Traversal section):

There are cases where a NAT box decides to remove mappings that are still alive (for example, the keepalive interval is too long, or the NAT box is rebooted). To recover in these cases, hosts that are not behind a NAT SHOULD send all packets (including retransmission packets) to the IP address and port from the last valid authenticated packet from the other end (i.e., dynamically update the address).

SHOULD means it is a RECOMMENDED behavior (RFC2119). The current implementation does not support updating the peer's IP address.

Conditions: The IKEv2 peer is behind NAT and changes its IP address.
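The requested behavior, sketched as an added example (not Cisco code and not taken from the bug record): the host that is not behind NAT moves the peer address/port only after a packet passes its integrity check, so an unauthenticated packet cannot redirect traffic. The class PeerTracker, the helper seal, the toy packet layout and the documentation-range addresses are assumptions; the sequence-number check stands in for the replay protection a real IKEv2/ESP stack already has.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # toy packet = 4-byte sequence number + payload + HMAC-SHA256 tag

def seal(key, seq, payload):
    """Build a toy authenticated packet (hypothetical format)."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class PeerTracker:
    """State kept by the host that is not behind NAT (hypothetical class)."""

    def __init__(self, key, peer):
        self.key = key
        self.peer = peer      # (ip, port) used for all outbound packets
        self.last_seq = 0     # highest authenticated sequence number seen
        self.updates = []     # (old, new) address changes, kept for logging

    def receive(self, src, packet):
        """Return True if the packet is valid; move the peer address only then."""
        if len(packet) < 4 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False      # forged or corrupted: its source address is ignored
        (seq,) = struct.unpack("!I", body[:4])
        if seq <= self.last_seq:
            return False      # a replayed packet must not move the peer back
        self.last_seq = seq
        if src != self.peer:
            self.updates.append((self.peer, src))
            self.peer = src   # later sends and retransmissions go here
        return True

def demo():
    """Run four constructed packets through the tracker."""
    key = b"constructed-sa-key"
    nat_old, nat_new = ("203.0.113.10", 4500), ("203.0.113.10", 62001)
    t = PeerTracker(key, nat_old)
    first = seal(key, 1, b"keepalive")
    results = [
        t.receive(nat_old, first),                                     # normal traffic
        t.receive(nat_new, seal(key, 2, b"dpd")),                      # NAT mapping changed
        t.receive(("198.51.100.7", 4500), seal(b"wrong", 3, b"dpd")),  # forged packet
        t.receive(nat_old, first),                                     # replay, old mapping
    ]
    return results, t.peer, t.updates
```

Logging each entry in updates gives operations a record of when and where a peer's NAT mapping moved.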