
RE: NAT and IPSEC INCOMPATIBLE???





> -----Original Message-----
> From: pcalhoun@eng.sun.com [mailto:Pat.Calhoun@Eng.Sun.Com]
> Sent: 10 June 1999 23:42
> To: Derek Atkins
> Cc: Pakulski Krzysztof-LKP014; pcalhoun@eng.sun.com; Pyda Srisuresh;
> danmcd@Eng.Sun.Com; johnbr@elastic.com; ipsec@lists.tislabs.com
> Subject: Re: NAT and IPSEC INCOMPATIBLE???
> 
> 
> > Let me repeat my question: If a packet comes in on port X on the NAT
> > gateway, how do you know whether the packet really goes to port X on
> host Y or port X on host Z?  Remember, this is a protocol with a known
> port (port X)... It ALWAYS sits on port X.  So, how do you address
> > "port X on host Y" when "host Y" is behind a NAT gateway?
> 
> Derek, that *is* the problem. Huge amounts of pre-configuration are
> necessary.
> I really doubt that the Hotel chains really understand the amount of
> administration required to deploy such a screwy scheme.
> 
> PatC

Even more of a problem when several hosts may be offering the same service
on the same port.

Last time this came up the idea of tunneling IP through to a third party was
discussed.  Thus NAT only mucks around with the outer header leaving the
'real' inner header intact.

Chris
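
Added example, not part of the original message: a small Python model of the tunneling idea mentioned above, showing that an address-rewriting NAT changes only the outer IPv4 header of an IP-in-IP packet and leaves the inner packet byte-for-byte intact. All addresses (documentation ranges), the choice of UDP port 500 for "port X", and the assumption that the NAT translates addresses only are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length byte string."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, src: str, dst: str) -> bytes:
    """IP-in-IP: carry the whole inner packet behind an outer header (protocol 4)."""
    return ipv4_header(src, dst, 4, len(inner)) + inner

def nat_rewrite_source(packet: bytes, public_ip: str) -> bytes:
    """Address-only NAT: replace the outer source and recompute the outer checksum."""
    hdr = bytearray(packet[:20])
    hdr[12:16] = socket.inet_aton(public_ip)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]  # everything after the outer header is untouched

def header_valid(packet: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return checksum(packet[:20]) == 0

def demo():
    port_x = 500  # constructed stand-in for the thread's well-known "port X"
    udp = struct.pack("!HHHH", port_x, port_x, 8 + 5, 0) + b"hello"
    # Inner packet: host Y's 'real' address talking to its peer (constructed).
    inner = ipv4_header("192.0.2.50", "198.51.100.20", 17, len(udp)) + udp
    # Outer packet: private address behind the NAT to the third-party tunnel endpoint.
    tunneled = encapsulate(inner, "10.0.0.5", "203.0.113.1")
    after_nat = nat_rewrite_source(tunneled, "198.51.100.99")
    return inner, tunneled, after_nat

if __name__ == "__main__":
    inner, tunneled, after_nat = demo()
    print("outer src after NAT:", socket.inet_ntoa(after_nat[12:16]))
    print("inner packet intact:", after_nat[20:] == inner)
```
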



