
VS: IP tunnel over a NAT (IP masq) possible ?



> Hello everybody,
>
>
> I have the following problem: I have a machine behind a NAT performing
> one-to-many address translation (inside: Net 10. outside: only one IP
> addr). What I would like to do is to set up an IP tunnel from one of the
> inside machines (the "client") to a remote machine (i.e. beyond NAT)
> (the "server"). Such that after the tunnel setup the inside machine
> appears to be virtually attached to the remote net.
>
> Any ideas and suggestions are welcomed.
>
> Many thanks,
>
> Florian


Hello Florian!

We have studied the NAT problem and developed a solution for it. We have
applied for a patent for this solution, which is called FireSeal. With FireSeal
the firewall isn't required to decrypt the packets. Nevertheless the
traffic can be fully controlled, dynamically.

The FireSeal system consists of two main components. The client component
works as a part of the IPSec, or any other security application, inside the
company network boundaries, whereas the server component is attached to the
firewall. The process of controlling secured network traffic can be divided
into three steps:

1. The client part of FireSeal sends parameters concerning the connection to
the firewall (IP address, protocol used etc.).

2. The firewall decides if the connection is allowed (the firewall's normal
control mechanisms are used). If the connection is accepted then the firewall
sends to the client the needed parameters for the connection (i.e. the NAT
transform parameters and a SPI number, which identifies the approved
connection).

3. The client does the NAT transformation and sends the data. The data
passes through the firewall if the SPI matches the ones in the firewall.

I.e. the firewall can use its normal policies to decide, whether or not to
let the traffic pass through. In regard to applications needing secure
communications, FireSeal is completely invisible.



Yours sincerely, Pekka Turunen


     NetSeal Technologies - Complete Network Security

     Pekka Turunen          pekka.turunen@netseal.com
     www.netseal.com            phone +358-9-4375-428
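
A minimal model of the three-step exchange described in the reply above, added here as an illustration; it is not NetSeal's code. The class names, message fields, policy format and addresses are assumptions made for the example, and the payload stands in for ciphertext the firewall never decrypts.

```python
import ipaddress
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    spi: int          # identifies the approved connection (step 2)
    public_src: str   # NAT transform parameter: outside address the client must use

class Firewall:
    def __init__(self, public_ip, inside_net, allowed):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.allowed = allowed    # hypothetical policy: set of (dst, proto)
        self.approved = {}        # spi -> (inside_src, dst, proto)

    def request(self, src, dst, proto):
        """Steps 1-2: client reports its parameters, normal policy decides."""
        if ipaddress.ip_address(src) not in self.inside_net:
            return None
        if (dst, proto) not in self.allowed:
            return None
        spi = secrets.randbelow(2**32 - 256) + 256   # skip reserved SPIs 0-255
        while spi in self.approved:
            spi = secrets.randbelow(2**32 - 256) + 256
        self.approved[spi] = (src, dst, proto)
        return Grant(spi, self.public_ip)

    def forward(self, pkt):
        """Step 3: pass on cleartext header fields only; payload stays opaque."""
        entry = self.approved.get(pkt["spi"])
        return (entry is not None
                and pkt["src"] == self.public_ip
                and (pkt["dst"], pkt["proto"]) == entry[1:])

def client_send(fw, src, dst, proto, ciphertext):
    """Client asks for a grant, applies the NAT transform itself, builds the packet."""
    grant = fw.request(src, dst, proto)
    if grant is None:
        return None
    return {"src": grant.public_src, "dst": dst, "proto": proto,
            "spi": grant.spi, "payload": ciphertext}

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    fw = Firewall("192.0.2.1", "10.0.0.0/8", {("198.51.100.7", "esp")})
    pkt = client_send(fw, "10.0.0.5", "198.51.100.7", "esp", b"\x00opaque")
    print("approved packet passes:", fw.forward(pkt))
    print("unknown SPI passes:", fw.forward(dict(pkt, spi=pkt["spi"] ^ 1)))
```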



