
List:       ipsec
Subject:    Re[2]: IPSEC and NAT
From:       pcalhoun () usr ! com
Date:       1997-08-20 13:12:50

But doesn't this assume that the host has both a private AND a public
address? The reason for NAT is that a network lives on a network using
a private addressing scheme.

PatC


______________________________ Reply Separator _________________________________
Subject: Re: IPSEC and NAT
Author:  Yan-Fa LI <yanfali@hpcc103.corp.hp.com> at Internet
Date:    8/19/97 1:36 PM


     
A couple of questions to wiser minds, but...
     
Why do NAT in a central location? One of the things I really dislike
about NAT is that sometimes it has to get involved at the application
layer to fix certain protocols, e.g. FTP. This slows everything down
if the IPSec/NAT has to snoop every packet looking for TCP port 21 and
PORT strings. Isn't the IPSec gateway complex enough without
introducing NAT?

Why not push the problem out to the individual hosts? Have the hosts
have virtual network interfaces that appear to be on the 
Internal/Virtual network, just like PPP.  This avoids many of the 
inherent problems of NAT.  I remember that Bellovin and Cheswick wrote a 
paper on just this idea some years ago.
     
Just my $0.02
     
Y
     
 ___________________________________________________________________ 
| Bio-Routing:               | Electronic Connectivity:             | 
|                            |                                      | 
| Yan-Fa LI (TIS TR)         | Phone:    ( +1 ) - 415 424 3680      | 
| Hewlett-Packard Company    | Fax:      ( +1 ) - 415 424 3632      | 
| Mail Stop: 20CX            |                                      | 
| 3000 Hanover Street,       | Telnet:   424 - 3680                 | 
| Palo Alto, CA 94304        | Email:    yanfali@corp.hp.com        | 
| USA                        |                                      | 
|____________________________|______________________________________|