
Re: NAT and IPSEC and Packet Filters



This is easy.  On the NAT/SG box, you set up routes that:

	a) go through IPSec to the remote SG for particular networks,
	b) go through NAT for the default route

This way you will NOT be NAT'ed for the SGs but you WILL be NATed for
everything else.  Luckily the routing priority is such that this works
with a normal routing table.

-derek

"Vinod Porwal" <vinod.porwal@ishoni.com> writes:

> Hi,
> 
> I've scanned through a few drafts, articles which talk about NAT and IPSEC.
> Most of them talk about having IPSEC traffic going through NAT devices.
> 
> I'm interested only in implementing a Security Gateway (SG) which protects
> the Private network from the internet (Packet Filters), does NAT allowing
> the private network to reach the internet & is able to establish VPN
> tunnels to other SG. Here there is no need for having traffic being NAT'ed
> and IPSec'd at the same time.  Could someone guide me to a few issues that I
> may have to consider in getting this kind of solution.  The interaction
> between NAT and IPSEC implementation that may be required etc..
> 
> From what I see most of the commercial boxes like SonicWall, CheckPoint
> right now support the above mentioned configuration. Am I right?
> 
> Regards,
> 
> Vinod Porwal.
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
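
The routing arrangement described in the reply above, as an added example that is not part of the original message: a longest-prefix-match lookup showing why specific routes to the remote SG networks win over the NAT default route, plus a check for a more specific NAT route that would pull traffic out of the tunnel. The prefixes, addresses and the "ipsec"/"nat" labels are constructed assumptions.

```python
import ipaddress

# Constructed routing table for the NAT/SG box; prefixes and labels are assumptions.
ROUTES = [
    ("10.2.0.0/16", "ipsec"),  # private network behind one remote SG
    ("10.3.0.0/16", "ipsec"),  # private network behind another remote SG
    ("0.0.0.0/0", "nat"),      # default route: everything else is NATed
]

def build_table(routes):
    """Parse (prefix, action) pairs; reject unknown actions and duplicate prefixes."""
    table = {}
    for prefix, action in routes:
        if action not in ("ipsec", "nat"):
            raise ValueError(f"unknown action {action!r} for {prefix}")
        net = ipaddress.ip_network(prefix, strict=True)
        if net in table:
            raise ValueError(f"duplicate route for {net}")
        table[net] = action
    return table

def select_route(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return best, table[best]

def audit(table, protected):
    """List ways traffic for a protected remote network would miss the tunnel."""
    problems = []
    for p in map(ipaddress.ip_network, protected):
        if not any(a == "ipsec" and p.subnet_of(n) for n, a in table.items()):
            problems.append(f"{p}: no IPsec route covers it")
        for n, a in table.items():
            if a == "nat" and n.subnet_of(p):
                problems.append(f"{n}: NAT route shadows IPsec route for {p}")
    return problems

if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.2.4.7", "192.0.2.10"):  # constructed destinations
        print(dst, "->", select_route(table, dst))
    print(audit(table, ["10.2.0.0/16", "10.3.0.0/16"]))
```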

