
RE: IPSec Passthrough



Hi, Vinay


>A few mechanisms I could imagine the IPsec gateways did:
>1. Use L2TP over IPsec and tie (using firewall rules) the PPP/L2TP
>assigned IP address to the IPsec SA.
>
>2. Do some sort of (static?) NAT (again using firewall) on the packets
>coming out of an SA so that the packets on the reverse path can be reliably
>channeled to the correct SA.

The static NAT requires a greater number of IP addresses. But without static NAT
this can be done, by serializing the IPSEC connections of hosts behind the
NAT device. A Linux implementation is available for this problem.


>Any better ways of doing that?