Re: IPSEC and NAT

[Steven Bellovin <smb@research.att.com>]

	 NAT IS out of scope for the IPsec wg; not in our charter.
	 HOWEVER, being good IETFers, we will spend the time to scope
	 out the inpact of IPsec and NAT and then see what work needs
	 to be done.

For folks who weren't in Munich -- I spoke at the ipsec slot on remaining
work items.  My recommendation is that a new group (which I've dubbed
ipsecond) be formed to take over some of the complex issues.  One that
I explicitly listed was complex topology discovery, which most definitely
does include NAT boxes.  For now, though, NAT boxes are just another form
of firewall, and you'll either have to deploy a bump-in-the-wire ipsec
box outboard of your NAT, or lean on your vendor to integrate the two.

---

Follow-Ups:

• Re: IPSEC and NAT
• From: Tim Bass (IETF) <ietf@linux.silkroad.com>

---

• Prev by Date: Re: IPSEC and NAT
• Next by Date: comments on replay processing
• Prev by thread: Re: IPSEC and NAT
• Next by thread: Re: IPSEC and NAT
• Index(es):
  • Main
  • Thread