List: ipsec
Subject: Re: IPSEC and NAT
From: Robert Moskowitz <rgm3 () chrysler ! com>
Date: 1997-08-19 12:06:45
At 05:11 PM 8/18/97 -0400, David Aylesworth wrote:
>Has there been any discussion on using IPSEC in conjunction with Network
>Address Translation devices? In particular, I'm having problems using Sun's
>SKIP Source Release 1.0 on a host behind an Ascend P-50 that's doing address
>translation.
>
I have done extensive review of address translation and IPsec. I am
preparing an Internet draft covering 16 different NAT scenarios for network
to network and 4 scenarios with 3 road warrior variants for single system to
network NAT. All of these only address a single IPsec tunnel. I have YET
to tackle multiple tunnels in this format, which I believe will be VERY
important. One thing at a time...

A number of people have seen my scenarios and I have not gotten any
negatives on them. As Steve mentioned, the translation occurs before the
packets enter the tunnel or after they emerge. I have learned that many
IPsec vendors cannot 'couple' their IPsec and NAT functions together. I
suspect that this will change quickly. This is one of the important items
I want to see tested at the upcoming AIAG sponsored IPsec workshop, as NAT
is a real world reality (from a co-author of RFC 1918).

Robert Moskowitz
Chrysler Corporation
(810) 758-8212