[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT and IPSEC INCOMPATIBLE???
>>> Makoto Kubota <kubota@flab.fujitsu.co.jp> 06/09/99 05:57PM >>>
> > Looking at rfc1631 (NAT) and rfc2401 (IPSEC Overview) I have not yet
> > discovered a reason for conflict in using the two protocols together. Just
> > trying to understand if it is possible.....or if a IPSEC and NAT are just
> > not made to function together. Specifics of the reason this will or won't
> > work would be VERY much appreciated.
>
> Yep, NAT breaks IPSEC.
>
> NAT breaks any protocol which protects IP addresses from modification.
> AH's checksum includes these header fields, so that's one thing which
> breaks.
>>>Can I have additional question about this?
>>>So, if we do NAT before IPSEC, can I usr NAT & IPSec together?
>>>For example,
>>> Home Office ---[NAT]---[IPSec]--->Internet...
>>> Home Office <--[NAT]<--[IPSec]<---Internet...
>>> Thanks in advance.
Yes NAT breaks IPSec if NAT is between the tunnel (IPSec) points.
But, NAT can be behind the IPSec.
umesh
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Umesh Muniyappa
TEL;WORK:408-967-7753
ORG:Engineer;Border Services Engineering
TEL;PREF;FAX:408-967-5560
EMAIL;WORK;PREF;NGW:UMUNIYAPPA@novell.com
N:Muniyappa;Umesh
TITLE:Engineer
X-GWUSERID:UMUNIYAPPA
END:VCARD