Re: IPSEC and NAT
>
> Has there been any discussion on using IPSEC in conjunction
> with Network Address Translation devices? In particular, I'm
> having problems using Sun's SKIP Source Release 1.0 on a host
> behind an Ascend P-50 that's doing address translation.
>
> Any suggestions would be appreciated.
>
> The subject came up at the NAT BoF at the Munich IETF meeting last week.
> Basically, you can't do IPSEC through a NAT box. You have to terminate
> the security association at the NAT box, and -- if you want -- create
> a new security association from the box to the end system.
>
> The point is simple: IPSEC guards against tampering with the packet,
> and NAT boxes by definition tinker with at least the addresses.
>
Couldn't one tunnel through a NAT?
--
___________________________________________________________________
| |
|Howard Weiss phone (410) 381-9400 x201 |
|SPARTA, Inc. (301) 621-8145 x201 (DC) |
|9861 Broken Land Parkway, suite 300 fax: (410) 381-5559 |
|Columbia, MD 21046 email: hsw@columbia.sparta.com |
|___________________________________________________________________|
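The point made in the quoted reply, that an integrity check covering the addresses cannot survive a NAT rewrite, shown as an added example that is not part of the original message. It is a simplified AH-style check (HMAC-SHA-1-96 over the IPv4 header with the in-transit mutable fields zeroed, plus the payload); the key, addresses and payload are constructed, the AH header itself is omitted, and all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed SA key (assumption)

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = sum(struct.unpack("!10H", hdr))
    while csum >> 16:
        csum = (csum & 0xFFFF) + (csum >> 16)
    return hdr[:10] + struct.pack("!H", ~csum & 0xFFFF) + hdr[12:]

def icv(header, payload):
    """AH-style ICV: zero fields routers may change; addresses stay covered."""
    h = bytearray(header)
    h[1] = h[8] = 0                            # TOS, TTL
    h[6:8] = h[10:12] = b"\x00\x00"            # flags/fragment offset, checksum
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def verify(header, payload, tag):
    return hmac.compare_digest(icv(header, payload), tag)

def rewrite(header, src=None, ttl=None):
    """Re-emit the header as a middlebox would, recomputing the checksum."""
    total_len = struct.unpack("!H", header[2:4])[0]
    return ipv4_header(src or socket.inet_ntoa(header[12:16]),
                       socket.inet_ntoa(header[16:20]),
                       header[8] if ttl is None else ttl,
                       total_len - 20, header[9])

def demo():
    payload = b"constructed payload"
    sent = ipv4_header("10.0.0.5", "192.0.2.10", 64, len(payload))
    tag = icv(sent, payload)                        # sender computes the ICV
    routed = rewrite(sent, ttl=63)                  # ordinary router hop
    natted = rewrite(sent, src="198.51.100.7")      # NAT rewrites the source
    return (verify(sent, payload, tag), verify(routed, payload, tag),
            verify(natted, payload, tag))

if __name__ == "__main__":
    print(demo())
```

The TTL decrement verifies because TTL is excluded from the ICV input, while the translated source address does not, because the addresses are included.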