[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Looking for info on ipsec passthrough (or passthru?)
Ok, I looked it up and think I know what "passthru" is.
Getting IPsec through NAT is a VERY hard problem. There isn't an easy way
of associating (on the wire) that a packet with an SPI of this value needs
to be demultiplexed to this destination because a packet with another SPI
went through the NAT gateway...
Passthru is one way of solving this, basically saying all IPsec traffic
flows through the NAT to this 1 destination.
Passthru is a hack until something like RSIP becomes a reality.
Bill
______________________________________________
Bill Strahm Programming today is a race between
bill.strahm@ software engineers striving to build
intel.com bigger and better idiot-proof programs,
(503) 264-4632 and the Universe trying to produce
bigger and better idiots. So far, the
Universe is winning.--Rich Cook
I am not speaking for Intel. And Intel rarely speaks for me
> -----Original Message-----
> From: John C. Day [mailto:JCDay@JCDay.com]
> Sent: Tuesday, August 29, 2000 3:56 PM
> To: ipsec@lists.tislabs.com
> Subject: Looking for info on ipsec passthrough (or passthru?)
>
>
> Greetings. I'm poking around looking for information on
> "IPSec passthru",
> which I saw mentioned on http://www.linksys.com ("Firmware
> upgrade - IPSec
> passthru now supported").
>
> I searched the archive files of
> ftp://ftp.tis.com/pub/lists/ipsec/ipsec.0001 through ipsec.0008 but I
> couldn't locate the string "passthr" anywhere in those. I
> also checked
> rfc2401 without success, but I'm guessing it's a feature/spec
> that's been
> introduced recently.
>
> Using google I did find a couple of mentions of it in news
> groups, but I
> wasn't able to locate an rfc or other doc which describes
> what it's for and
> how it's to be implemented.
>
> Any pointers? Thanks.
>
> John
>
> --
>
> John C. Day
> Gilroy, CA
> http://www.JCDay.com
>
>
Follow-Ups: