[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT and IPSEC INCOMPATIBLE???
> > Looking at rfc1631 (NAT) and rfc2401 (IPSEC Overview) I have not yet
> > discovered a reason for conflict in using the two protocols together. Just
> > trying to understand if it is possible.....or if a IPSEC and NAT are just
> > not made to function together. Specifics of the reason this will or won't
> > work would be VERY much appreciated.
>
> Yep, NAT breaks IPSEC.
>
> NAT breaks any protocol which protects IP addresses from modification.
> AH's checksum includes these header fields, so that's one thing which
> breaks.
Can I have additional question about this?
So, if we do NAT before IPSEC, can I usr NAT & IPSec together?
For example,
Home Office ---[NAT]---[IPSec]--->Internet...
Home Office <--[NAT]<--[IPSec]<---Internet...
Thanks in advance.
Follow-Ups:
References: