[prev in list] [next in list] [prev in thread] [next in thread]
List: ipsec
Subject: Re: IPSEC and NAT
From: hsw () columbia ! sparta ! com (Howard Weiss)
Date: 1997-08-19 13:21:11
[Download RAW message or body]
>
> Has there been any discussion on using IPSEC in conjuction
> with Network Address Translation devices? In particular, I'm
> having problems using Sun's SKIP Source Release 1.0 on a host
> behind an Ascend P-50 that's doing address translation.
>
> Any suggestions would be appreciated.
>
> The subject came up at the NAT BoF at the Munich IETF meeting last week.
> Basically, you can't do IPSEC through a NAT box. You have to terminate
> the security association at the NAT box, and -- if you want -- create
> a new security association from the box to the end system.
>
> The point is simple: IPSEC guards against tampering with the packet,
> and NAT boxes by definition tinker with at least the addresses.
>
Couldn't one tunnel through a NAT?
--
___________________________________________________________________
| |
|Howard Weiss phone (410) 381-9400 x201 |
|SPARTA, Inc. (301) 621-8145 x201 (DC) |
|9861 Broken Land Parkway, suite 300 fax: (410) 381-5559 |
|Columbia, MD 21046 email: hsw@columbia.sparta.com |
|___________________________________________________________________|
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic