[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP over UDP

To: Joern Sierwald <joern.sierwald@datafellows.com>
Subject: Re: ESP over UDP
From: Derek Atkins <warlord@MIT.EDU>
Date: 10 Aug 1999 09:05:46 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: Joern Sierwald's message of Tue, 10 Aug 1999 15:42:49 +0300
References: <3.0.5.32.19990810154249.00af8300@smtp.datafellows.com>
Sender: owner-ipsec@lists.tislabs.com

You've got it backwards -- UDP runs over ESP, not the
other way around.  Although you are correct in saying that
ISAKMP runs over UDP.  That is true.

The problem is that you are using IP Masquerade.  You will have
trouble with IPSec across a NAT.  There are a couple of patches
that exist for Linux to try to get IPSec working across the NAT:

ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

-derek

Joern Sierwald <joern.sierwald@datafellows.com> writes:

> 
> Is there a well-known port that I could use to run esp over udp?
> ISAKMP runs fine over IP maskerading, but ESP does not.
> 
> J=F6rn
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord@MIT.EDU                        PGP key available

Follow-Ups:

Re: ESP over UDP

From: Joern Sierwald <joern.sierwald@datafellows.com>

References:

ESP over UDP

From: Joern Sierwald <joern.sierwald@datafellows.com>

Prev by Date: ESP over UDP
Next by Date: Re: ESP over UDP
Prev by thread: ESP over UDP
Next by thread: Re: ESP over UDP
Index(es):
- Main
- Thread