[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH in NAT device



In message <199809170719.JAA18872@zap.celocom.se>, Valentin Oprean writes:
> Hi!
> 
> If one uses a Network Address Translator (NAT) to translate ones private IP
> address into Internet legitimate addresses, can one use AH in tunneling  mode
> (ipsec) from the NAT device?

I'm not certain exactly what you're asking.  However, in general the
NAT box must terminate the ipsec association.  That is, some internal
host using a net 10 address can send a packet towards the Internet.
A border box translates the address into something legitimate, then
applies AH or ESP.  That will work.