[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC Security Gateways & NAT
In message <3.0.5.32.20010607143550.047a3380@smtp.datafellows.com>, Joern Sierw
ald writes:
>>
>
>The consensus among IPsec vendors is ESPoUDP. You use tunnel mode,
>and insert a UDP header in front of the ESP header. This is dead simple
>and works with normal NAT boxes.
>
I don't know that I'd use the word "consensus" -- and I would note that
that SSH has claimed assorted patent rights to the concept, at least as
explained in draft-stenberg-ipsec-nat-traversal-*.txt.
--Steve Bellovin, http://www.research.att.com/~smb
Follow-Ups: