[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: Joern Sierwald <joern.sierwald@F-Secure.com>
Subject: Re: IPSEC Security Gateways & NAT
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Thu, 07 Jun 2001 09:16:27 -0400
Cc: ipsec@lists.tislabs.com, Chris Trobridge <CTrobridge@baltimore.com>
Sender: owner-ipsec@lists.tislabs.com

In message <3.0.5.32.20010607143550.047a3380@smtp.datafellows.com>, Joern Sierw
ald writes:

>>
>
>The consensus among IPsec vendors is ESPoUDP. You use tunnel mode,
>and insert a UDP header in front of the ESP header. This is dead simple
>and works with normal NAT boxes.
>

I don't know that I'd use the word "consensus" -- and I would note that 
that SSH has claimed assorted patent rights to the concept, at least as 
explained in draft-stenberg-ipsec-nat-traversal-*.txt.

		--Steve Bellovin, http://www.research.att.com/~smb

Follow-Ups:

RE: IPSEC Security Gateways & NAT

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Re: IPSEC Security Gateways & NAT

From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: RE: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread