RE: IPSec Passthrough
Hi, Vinay
>Few mechanisms I could imagine the IPsec gateways did:
>1. Use L2TP over IPsec and tie (using firewall rules) the PPP/L2TP
>assigned IP address to the IPsec SA.
>
>2. Do some sort of (static?) NAT (again using firewall) on the packets
>coming out an SA so that the packets on the reverse path can be reliably
>channeled to the correct SA.
The static NAT requires a larger number of IP addresses. But this can be
done without static NAT, by serializing the IPSEC connections of hosts
behind the NAT device. A Linux implementation is available for this problem.
>Any better ways of doing that?