[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (NAT) Re: Interactions between IPSEC and NAT

To: Steve Bellovin <smb@research.att.com>
Subject: Re: (NAT) Re: Interactions between IPSEC and NAT
From: George Tsirtsis <george@gideon.bt.co.uk>
Date: Thu, 5 Feb 1998 23:30:40 +0000 (GMT)
Cc: ipsec@tis.com, nat@livingston.com
In-Reply-To: <199802052031.PAA18451@postal.research.att.com>
Sender: owner-ipsec@ex.tis.com

On Thu, 5 Feb 1998, Steve Bellovin wrote:

> 
> A second approach is to use some form of encapsulation to accomplish
> NAT-like functionality.  That, too, works well, since IPsec supports
> an encapsulation mode.

Steve, I do not understand how the tunnel-mode of IPSEC will help you
here. If you have a NAT at the edge of the network, in order to use the
tunnel mode (from the host to the NAT), you will have to get a global
address before you set the tunnel up in order to do the encryption
calculations. Is that correct? How this address will be allocated?

I ask that because it crossed my mind when I was writting the'NAT bypass'
draft using L2TP.

If you have any ideas how to do that I would be very interested to hear.  

Regards

George
-----------------------------
Internet Transport Research |
BTLABS                      |
--------------------------------------------------------------------------
Notice: This contribution is the personal view of the author and does not
necessarily reflect the technical nor commercial direction of British
Telecommunications plc.
--------------------------------------------------------------------------

References:

Re: (NAT) Re: Interactions between IPSEC and NAT

From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
Next by Date: Re: (NAT) Re: Interactions between IPSEC and NAT
Prev by thread: Re: (NAT) Re: Interactions between IPSEC and NAT
Next by thread: Re: (NAT) Re: Interactions between IPSEC and NAT
Index(es):
- Main
- Thread