
RE: IPSec Passthrough



On Thu, 2003-05-01 at 23:44, BSingh@Nomadix.com wrote:
> server. It is dependent on the server implementation to distinguish 2
> different connections coming from the same IP address (of the NAT device)
> and is not a very reliable method of doing things..
What tricks were used by the NAT-T unaware IPsec gateways?

A few mechanisms I could imagine the IPsec gateways used:
1. Use L2TP over IPsec and tie (using firewall rules) the PPP/L2TP
assigned IP address to the IPsec SA.

2. Do some sort of (static?) NAT (again using firewall) on the packets
coming out of an SA so that the packets on the reverse path can be reliably
channeled to the correct SA.

Any better ways of doing that?

vinay