[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (NAT) Re: Interactions between IPSEC and NAT

To: Vinod Valloppillil <vinodv@microsoft.com>
Subject: Re: (NAT) Re: Interactions between IPSEC and NAT
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 04 Feb 1998 19:50:05 -0500
cc: "'perry@piermont.com'" <perry@piermont.com>, ipsec@tis.com, nat@livingston.com
In-reply-to: Your message of "Wed, 04 Feb 1998 16:25:03 PST." <5CEA8663F24DD111A96100805FFE658701FDE81E@red-msg-51.dns.microsoft.com>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

Vinod Valloppillil writes:
> 
> >> HTTPS through a NAT, for example, is perfectly reasonable
> 
> >HTTPS doesn't embed things like ports into the communications stream,
> >so it can be NATed. SSL is the security layer HTTPS uses, but SSL !=
> >HTTPS -- other protocols over SSL will not behave so nicely.
> 
> But my example of HTTPS through NAT is a case where you both both NAT
> features and end-to-end security.  My point was to demonstrate the
> independance of IP addr/ports from end-end security.

You've demonstrated nothing of the sort. All you've shown is that
there exists a particular protocol that does okay that way. Unless you
are proposing that the only application for the internet is web
service over HTTPS, I'm afraid you'll have to accept that some
protocols do not and cannot play well with both NAT and end to end
security.

Perry

Prev by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
Next by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
Prev by thread: Re: (NAT) Re: Interactions between IPSEC and NAT
Next by thread: Re: (NAT) Re: Interactions between IPSEC and NAT
Index(es):
- Main
- Thread