
RE: Looking for info on ipsec passthrough (or passthru?)

Ok, I looked it up and think I know what "passthru" is.

Getting IPsec through NAT is a VERY hard problem.  There isn't an easy way
of associating (on the wire) that a packet with an SPI of this value needs
to be demultiplexed to this destination because a packet with another SPI
went through the NAT gateway...

Passthru is one way of solving this, basically saying all IPsec traffic
flows through the NAT to this 1 destination.

Passthru is a hack until something like RSIP becomes a reality.


Bill Strahm
bill.strahm@intel.com
(503) 264-4632

Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots.  So far, the Universe is winning. --Rich Cook
I am not speaking for Intel.  And Intel rarely speaks for me

> -----Original Message-----
> From: John C. Day [mailto:JCDay@JCDay.com]
> Sent: Tuesday, August 29, 2000 3:56 PM
> To: ipsec@lists.tislabs.com
> Subject: Looking for info on ipsec passthrough (or passthru?)
>
> Greetings.  I'm poking around looking for information on "IPSec passthru",
> which I saw mentioned on http://www.linksys.com ("Firmware upgrade - IPSec
> passthru now supported").
>
> I searched the archive files of
> ftp://ftp.tis.com/pub/lists/ipsec/ipsec.0001 through ipsec.0008 but I
> couldn't locate the string "passthr" anywhere in those.   I also checked
> rfc2401 without success, but I'm guessing it's a feature/spec that's been
> introduced recently.
>
> Using google I did find a couple of mentions of it in news groups, but I
> wasn't able to locate an rfc or other doc which describes what it's for and
> how it's to be implemented.
>
> Any pointers?   Thanks.
>
> John
> --
> John C. Day
> Gilroy, CA
> http://www.JCDay.com
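
The demultiplexing problem described in the reply above, as an added example that is not part of the original thread: a toy NAT that maps UDP by port but can only send inbound ESP to one configured host. The class and function names, addresses and SPI values are all constructed for illustration and do not model any particular product.

```python
from dataclasses import dataclass

ESP, UDP = 50, 17  # IP protocol numbers

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0  # UDP only; ESP carries no ports
    dport: int = 0
    spi: int = 0    # ESP only

class PassthruNat:
    """Toy NAT (hypothetical): port-mapped UDP, single-destination ESP passthru."""
    def __init__(self, public_ip, esp_host):
        self.public_ip, self.esp_host = public_ip, esp_host
        self.port_map, self.next_port = {}, 40000

    def outbound(self, p):
        if p.proto == ESP:  # no port to key a mapping on: rewrite the source only
            return Packet(self.public_ip, p.dst, ESP, spi=p.spi)
        pub, self.next_port = self.next_port, self.next_port + 1
        self.port_map[pub] = (p.src, p.sport)
        return Packet(self.public_ip, p.dst, p.proto, pub, p.dport)

    def inbound(self, p):
        if p.proto == ESP:  # the inbound SPI never crossed the NAT in the clear
            return Packet(p.src, self.esp_host, ESP, spi=p.spi)
        inside = self.port_map.get(p.dport)
        if inside is None:
            return None  # no mapping: drop
        return Packet(p.src, inside[0], p.proto, p.sport, inside[1])

def demo():
    """Two inside hosts talk to one remote gateway (all values constructed)."""
    gw, a, b = "198.51.100.5", "192.168.1.10", "192.168.1.20"
    nat = PassthruNat("203.0.113.1", esp_host=a)
    udp = [nat.outbound(Packet(h, gw, UDP, 5000, 9000)) for h in (a, b)]
    udp_back = [nat.inbound(Packet(gw, nat.public_ip, UDP, 9000, o.sport)) for o in udp]
    for h, spi in ((a, 0x1111), (b, 0x2222)):  # outbound SPIs, chosen by the gateway
        nat.outbound(Packet(h, gw, ESP, spi=spi))
    # Replies carry SPIs each inside host chose itself (0xAAAA for a, 0xBBBB for b).
    esp_back = [nat.inbound(Packet(gw, nat.public_ip, ESP, spi=s)) for s in (0xAAAA, 0xBBBB)]
    return [p.dst for p in udp_back], [p.dst for p in esp_back]

if __name__ == "__main__":
    print(demo())
```

The UDP replies reach their own hosts through the port map, while both ESP replies land on the single passthru host, so the second host's tunnel never receives its traffic.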