[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT and IPSEC INCOMPATIBLE???
>
> > > Looking at rfc1631 (NAT) and rfc2401 (IPSEC Overview) I have not yet
> > > discovered a reason for conflict in using the two protocols together. Just
> > > trying to understand if it is possible.....or if a IPSEC and NAT are just
> > > not made to function together. Specifics of the reason this will or won't
> > > work would be VERY much appreciated.
> >
> > Yep, NAT breaks IPSEC.
> >
> > NAT breaks any protocol which protects IP addresses from modification.
> > AH's checksum includes these header fields, so that's one thing which
> > breaks.
>
> Can I have additional question about this?
>
> So, if we do NAT before IPSEC, can I usr NAT & IPSec together?
> For example,
> Home Office ---[NAT]---[IPSec]--->Internet...
> Home Office <--[NAT]<--[IPSec]<---Internet...
>
> Thanks in advance.
>
Yes. Take a look at <draft-ietf-nat-security-01.txt>
cheers,
suresh
References: