[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: Chris Trobridge <CTrobridge@baltimore.com>
Subject: Re: IPSEC Security Gateways & NAT
From: Sandy Harris <sandy@storm.ca>
Date: Thu, 07 Jun 2001 10:55:53 -0400
CC: ipsec@lists.tislabs.com
References: <F86F34FDF1F9D411B7A40008C74C27B8028761@hhdata3.cdsemea.baltimore.com>
Sender: owner-ipsec@lists.tislabs.com

Chris Trobridge wrote:

> This appears to imply that NAT, in general, must be performed before
> encryption.  This is at odds with the models that a number of service
> providers are trying to apply.  Are there any solutions to these problems?
> Or any papers detailing the sort of problems that occur when mixing NAT with
> IPSEC.

There's some discussion, and links to other things, in the FreeS/WAN docs:

http://www.freeswan.org/freeswan_trees/freeswan-1.9/doc/firewall.html#NAT

A new 1.91 version, slightly expanded, should appear within a few days,
when 1.91 is released.

I'm the author and I think that discussion could stand improvement. If
you find good references on this please either post them here or send
me mail about them.

References:

IPSEC Security Gateways & NAT

From: Chris Trobridge <CTrobridge@baltimore.com>

Prev by Date: Re: IPSEC Security Gateways & NAT
Next by Date: RE: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: Re: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread