Vinod,
There is no particular issues about NATing clear IP packets that are forwarded by the IPsec gateway between the Intranet and the Internet. It is just a local policy implementation specifying that you NAT those packets.
Just to add another reference that supports this feature : the Contivity VPN switch (Nortel).
Regards,
Nathalie
-----Original Message-----
From: Vinod Porwal [mailto:vinod.porwal@ishoni.com]
Sent: Thursday, February 01, 2001 8:21 AM
To: ipsec
Subject: NAT and IPSEC and Packet Filters
Hi,
I've scanned through few drafts , articles which talk about NAT and IPSEC.
Most of them talk about having IPSEC traffic going through NAT devices.
I'am interested only in implementing a Security Gateway (SG) which protects
the Private network from the internet (Packet Filters) , does NAT allowing
the private network to reach the internet & is able to establish VPN
tunnels to other SG. Here there is no need for having traffic being NAT'ed
and IPSec'd at the same time. Could some one guide me to few issues that I
may have to consider in getting this kind of solution. The interaction
between NAT and IPSEC implementaiton that may be required etc..
From what I see most of the commercial boxes like SonicWall, CheckPoint
right now support the above mentioned configuration. Am I right ?
Regards,
Vinod Porwal.