Does AH work with NT
Ryan Russell
ryan at SECURITYFOCUS.COM
Fri Apr 7 13:14:10 EDT 2000
On Thu, 6 Apr 2000, Matthew Harding wrote:
> A customer had a question: does AH work with NAT? If I have a client
> connecting IPSec through a NAT translated firewall, can you use AH as
> well as ESP or will the NAT translation of the original client IP
> disallow AH from authenticating properly once it hits the switch?
>
In general, yes NAT will break it. There are provisions in the various
IPSec drafts (sorry, I don't follow it all that closely) that provide for
a single IPSec by proxy type of device, intended probably to be a firewall
acting on behalf of an inside machine. So, theoretically, you could build
some sort of cooperating NAT that would work with AH.
Ryan
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list