[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT and IPSEC INCOMPATIBLE???

To: ipsec@lists.tislabs.com
Subject: Re: NAT and IPSEC INCOMPATIBLE???
From: Makoto Kubota <kubota@flab.fujitsu.co.jp>
Date: Thu, 10 Jun 1999 09:57:15 +0900
Cc: hawkinsj@nortelnetworks.com
In-reply-to: Your message of "Wed, 09 Jun 1999 20:36:55 JST"
References: <199906100036.AAA15949@orchard.arlington.ma.us>
Sender: owner-ipsec@lists.tislabs.com

> > Looking at rfc1631 (NAT) and rfc2401 (IPSEC Overview) I have not yet
> > discovered a reason for conflict in using the two protocols together.  Just
> > trying to understand if it is possible.....or if a IPSEC and NAT are just
> > not made to function together.  Specifics of the reason this will or won't
> > work would be VERY much appreciated.
> 
> Yep, NAT breaks IPSEC.
> 
> NAT breaks any protocol which protects IP addresses from modification.
> AH's checksum includes these header fields, so that's one thing which
> breaks.

Can I have additional question about this?

So, if we do NAT before IPSEC, can I usr NAT & IPSec together?
For example,
  Home Office ---[NAT]---[IPSec]--->Internet...
  Home Office <--[NAT]<--[IPSec]<---Internet...

Thanks in advance.

Follow-Ups:

Re: NAT and IPSEC INCOMPATIBLE???

From: Pyda Srisuresh <suresh@livingston.com>

Re: NAT and IPSEC INCOMPATIBLE???

From: Tim Lyons <tlyons@digitalvoodoo.org>

References:

Re: NAT and IPSEC INCOMPATIBLE???

From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>

Prev by Date: Re: Comments on draft-ietf-ipsec-ike-01.txt (long)
Next by Date: Re: NAT and IPSEC INCOMPATIBLE???
Prev by thread: Re: NAT and IPSEC INCOMPATIBLE???
Next by thread: Re: NAT and IPSEC INCOMPATIBLE???
Index(es):
- Main
- Thread