RE: NAT and IPSEC INCOMPATIBLE???
> -----Original Message-----
> From: pcalhoun@eng.sun.com [mailto:Pat.Calhoun@Eng.Sun.Com]
> Sent: 10 June 1999 23:42
> To: Derek Atkins
> Cc: Pakulski Krzysztof-LKP014; pcalhoun@eng.sun.com; Pyda Srisuresh;
> danmcd@Eng.Sun.Com; johnbr@elastic.com; ipsec@lists.tislabs.com
> Subject: Re: NAT and IPSEC INCOMPATIBLE???
>
>
> > Let me repeat my question: If a packet comes in on port X on the NAT
> > gateway, how do you know whether the packet really goes to port X on
> > host Y or port X on host Z? Remember, this is a protocol with a known
> > port (port X)... It ALWAYS sits on port X. So, how do you address
> > "port X on host Y" when "host Y" is behind a NAT gateway?
>
> Derek, That *is* the problem. Huge amounts of pre-configuration is necessary.
> I really doubt that the Hotel chains really understand the amount of
> administration required to deploy such a screwy scheme.
>
> PatC
Even more of a problem when several hosts may be offering the same service
on the same port.
Last time this came up the idea of tunneling IP through to a third party was
discussed. Thus NAT only mucks around with the outer header leaving the
'real' inner header intact.
Chris
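
The two points in this message, as a small simulation added for illustration (not written by anyone in the thread): an unsolicited packet to a well-known port cannot be delivered without a pre-configured mapping, only one inside host can own that port, and a tunnelled packet keeps its inner header while NAT rewrites the outer one. The `Packet` and `NatGateway` classes, the addresses and port 7000 are constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inner: Optional["Packet"] = None  # encapsulated packet when tunnelling

class NatGateway:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.static = {}   # public port -> (host, port), pre-configured by an admin
        self.dynamic = {}  # public port -> (host, port), learned from outbound flows
        self.next_port = 40000

    def add_static(self, public_port, host, port):
        if public_port in self.static:  # one public port can point at one host only
            raise ValueError(f"port {public_port} already forwarded")
        self.static[public_port] = (host, port)

    def outbound(self, pkt):
        # Rewrites the outer source only; pkt.inner is carried through untouched.
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[public_port] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=public_port)

    def inbound(self, pkt):
        # None means the gateway cannot tell which inside host should get the packet.
        target = self.static.get(pkt.dport) or self.dynamic.get(pkt.dport)
        return replace(pkt, dst=target[0], dport=target[1]) if target else None

def demo():
    # All addresses and the port number are constructed sample values.
    pub, remote, host_y, host_z, port_x = "192.0.2.1", "198.51.100.7", "10.0.0.2", "10.0.0.3", 7000
    nat = NatGateway(pub)
    probe = Packet(remote, 5555, pub, port_x)
    unsolicited = nat.inbound(probe)            # no mapping yet
    nat.add_static(port_x, host_y, port_x)      # admin picks host Y
    forwarded = nat.inbound(probe)
    try:
        nat.add_static(port_x, host_z, port_x)  # host Z wants the same port
        conflict = False
    except ValueError:
        conflict = True
    inner = Packet(host_z, port_x, remote, port_x)
    tunnelled = nat.outbound(Packet(host_z, 6000, remote, 6000, inner=inner))
    return unsolicited, forwarded.dst, conflict, tunnelled.src, tunnelled.inner == inner
```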