
IPSec NAT pass-through: how to do it?



Hello,

I am working on an access box which has NAT, and now
we need to do IPSec pass-through. We need to support
multiple clients behind the box. The scenario is that the
user uses a PC to connect to the box and then to the
company gateway.

I read the UDP encapsulation draft, but I don't know
whether it's the IPSec endpoints' (PC, company security
gateway) responsibility or the NAT box's
responsibility to implement the draft. Besides, how do
I know if the company gateway has this feature (is
this draft widely used)?

From an earlier post, "Clarification of potential NAT
multiple client solutions" by Mr. Brian Swander, it seems
there are other ways to do it. The RFC draft (IPsec-nat
compatibility reqts) also mentioned that there are ways
like looking at cookie/SPI, but they have limitations.

I don't know which way is better, UDP encap or the
hacker-like way. Besides, if SSH/Microsoft claims
patent, how do other vendors do this (like Netopia,
Linksys, etc.)?

Can somebody provide more detailed information or
point me to somewhere? Besides, if somebody can
provide consulting service please let me know.

Since I am a newbie to IPSec, any info is very much
appreciated!

Thanks a lot!

Feng
