List: ipsec
Subject: Re[2]: IPSEC and NAT
From: pcalhoun () usr ! com
Date: 1997-08-20 13:12:50
But doesn't this assume that the host has both a private AND a public
address? The reason for NAT is that a network lives on a network using
a private addressing scheme.
PatC
______________________________ Reply Separator _________________________________
Subject: Re: IPSEC and NAT
Author: Yan-Fa LI <yanfali@hpcc103.corp.hp.com> at Internet
Date: 8/19/97 1:36 PM
A couple of questions to wiser minds, but...
Why do NAT in a central location? One of the things I really dislike
about NAT is that sometimes it has to get involved at the application
layer to fix certain protocols, e.g. FTP. This slows everything down
if the IPSec/NAT has to snoop every packet looking for TCP port 21 and
PORT strings. Isn't the IPSec gateway complex enough without
introducing NAT?
Why not push the problem out to the individual hosts? Have the hosts
have virtual network interfaces that appear to be on the
Internal/Virtual network, just like PPP. This avoids many of the
inherent problems of NAT. I remember that Bellovin and Cheswick wrote a
paper on just this idea some years ago.
Just my $0.02
Y
___________________________________________________________________
| Bio-Routing: | Electronic Connectivity: |
| | |
| Yan-Fa LI (TIS TR) | Phone: ( +1 ) - 415 424 3680 |
| Hewlett-Packard Company | Fax: ( +1 ) - 415 424 3632 |
| Mail Stop: 20CX | |
| 3000 Hanover Street, | Telnet: 424 - 3680 |
| Palo Alto, CA 94304 | Email: yanfali@corp.hp.com |
| USA | |
|____________________________|______________________________________|