
RE: NAT and IPSEC and Packet Filters



You might want to take a look at RFC 2709.

cheers,
suresh
--- Vinod Porwal <vinod.porwal@ishoni.com> wrote:
> Hi Nathalie,
> 
> What you mean to say is that on the same box I would have to NAT first and
> then IPSec on the outgoing direction.  The IPSec rules also will refer to
> the Private addresses. That means NAT should not translate (port or address
> translation) any traffic that may get tunneled at the IPSec module?
> Probably that could also be just controlled by appropriate policies at the
> NAT module. Am I right?
> 
> Regards,
> 
> Vinod Porwal.
> 
> -----Original Message-----
> From: Nathalie Rivat [mailto:nrivat@nortelnetworks.com]
> Sent: Thursday, February 01, 2001 2:57 PM
> To: Vinod Kumar A Porwal; ipsec
> Subject: RE: NAT and IPSEC and Packet Filters
> 
> Vinod,
> 
> There are no particular issues about NATing clear IP packets that are
> forwarded by the IPsec gateway between the Intranet and the Internet. It is
> just a local policy implementation specifying that you NAT those packets.
> 
> Just to add another reference that supports this feature: the Contivity VPN
> switch (Nortel).
> 
> Regards,
> Nathalie
> 
> -----Original Message-----
> From: Vinod Porwal [mailto:vinod.porwal@ishoni.com]
> Sent: Thursday, February 01, 2001 8:21 AM
> To: ipsec
> Subject: NAT and IPSEC and Packet Filters
> 
> 
> Hi,
> 
> I've scanned through a few drafts and articles which talk about NAT and IPSEC.
> Most of them talk about having IPSEC traffic going through NAT devices.
> 
> I'm interested only in implementing a Security Gateway (SG) which protects
> the private network from the Internet (Packet Filters), does NAT allowing
> the private network to reach the Internet, and is able to establish VPN
> tunnels to other SGs. Here there is no need for having traffic being NAT'ed
> and IPSec'd at the same time. Could someone guide me to a few issues that I
> may have to consider in getting this kind of solution? The interaction
> between NAT and IPSEC implementation that may be required, etc.
> 
> From what I see most of the commercial boxes like SonicWall, CheckPoint
> right now support the above mentioned configuration. Am I right?
> 
> Regards,
> 
> Vinod Porwal.
> 
> 
> 
> 
> 
> 
> 
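
Added example (not part of the original thread, and not taken from RFC 2709 or from any product mentioned above): a simplified Python model of the ordering asked about in the quoted message, with the NAT stage ahead of the IPsec policy lookup and the SPD selectors written in private addresses. The addresses, the function names and the single-entry SPD are constructed assumptions; the audit shows which flows the SPD intends to protect but which leave untunneled when the NAT policy has no exemption for tunnel-bound traffic.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Constructed sample policy (RFC 1918 and documentation addresses only).
PRIVATE_NET = ipaddress.ip_network("10.1.0.0/16")   # local protected LAN
PUBLIC_ADDR = "192.0.2.1"                           # gateway's outside address
# SPD entries as (local selector, remote selector), in private addresses.
SPD = [(ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_network("10.2.0.0/16"))]

def spd_match(pkt):
    """True if the packet matches an IPsec selector pair."""
    s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return any(s in local and d in remote for local, remote in SPD)

def nat(pkt, exempt_tunnel_traffic):
    """Source-NAT private hosts unless NAT policy exempts tunnel-bound traffic."""
    if exempt_tunnel_traffic and spd_match(pkt):
        return pkt
    if ipaddress.ip_address(pkt.src) in PRIVATE_NET:
        return Packet(PUBLIC_ADDR, pkt.dst)
    return pkt

def outbound(pkt, exempt_tunnel_traffic=True):
    """NAT stage first, then IPsec policy lookup. Returns (action, packet)."""
    after_nat = nat(pkt, exempt_tunnel_traffic)
    if spd_match(after_nat):
        return ("tunnel", after_nat)
    return ("clear", after_nat)

def audit(flows, exempt_tunnel_traffic):
    """Flows the SPD says to protect but that would leave unprotected."""
    return [f for f in flows
            if spd_match(f) and outbound(f, exempt_tunnel_traffic)[0] != "tunnel"]

FLOWS = [Packet("10.1.0.5", "10.2.0.9"),      # site-to-site, should be tunneled
         Packet("10.1.0.5", "198.51.100.7")]  # Internet-bound, should be NATed

if __name__ == "__main__":
    for exempt in (True, False):
        print("NAT exemption for tunnel traffic:", exempt)
        for f in FLOWS:
            print("  ", f, "->", outbound(f, exempt))
        print("   unprotected flows:", audit(FLOWS, exempt))
```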

