
Re: Interactions between IPSEC and NAT




Dan Nessett writes:
> Anyone thought about this so that they can provide us with a nice clean
> answer :-) ?

Yes. If you want security, you can't use NAT, because by definition
the thing NAT is trying to do (peek in and/or alter your packets) is
what security is designed to prevent. Protocols like SSL have exactly
the same issue, btw. Any protocol that protects the contents of your
data will have the same issue.

This is not fixable -- any "fixes" someone could propose to this would
be so horrible as to make the entire point of security moot.

Perry
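
The point about NAT altering packets can be seen with an integrity check that covers the IP source address, as the IPsec Authentication Header does. The following is an added example, not part of the original message: a simplified AH-style model in which the key, addresses and function names are all constructed for illustration, and the check covers only the IP header and payload.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed shared secret, illustration only

def checksum(hdr):
    """IPv4 header checksum; returns 0 when run over a header whose checksum is valid."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def finalize(h):
    """Recompute the header checksum, as every router and NAT box must."""
    h = bytearray(h)
    h[10:12] = b"\0\0"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

def build_header(src, dst, ttl=64, proto=51, payload_len=0):
    return finalize(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                                0, ttl, proto, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))

def icv(hdr, payload):
    """AH-style integrity value: the fields routers legitimately change (TOS,
    flags/fragment offset, TTL, checksum) are zeroed; addresses stay covered."""
    h = bytearray(hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def verify(hdr, payload, tag):
    return hmac.compare_digest(icv(hdr, payload), tag)

def route(hdr):
    """Ordinary forwarding: decrement TTL, fix the checksum."""
    h = bytearray(hdr); h[8] -= 1
    return finalize(h)

def nat(hdr, new_src):
    """Source NAT: rewrite the source address, fix the checksum."""
    h = bytearray(hdr); h[12:16] = socket.inet_aton(new_src)
    return finalize(h)

def demo():
    payload = b"constructed payload"
    sent = build_header("10.0.0.5", "198.51.100.20", payload_len=len(payload))
    tag = icv(sent, payload)
    return verify(route(sent), payload, tag), verify(nat(sent, "203.0.113.7"), payload, tag)

if __name__ == "__main__":
    print(demo())
```

The routed packet still verifies because only mutable fields changed; the translated packet carries a valid IP checksum but fails the integrity check, since the receiver cannot distinguish the NAT rewrite from tampering.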

