IPSec vs. Nat for VPN Problem
Pieter Grobler
pieterg at ABSA.CO.ZA
Fri Jan 14 04:29:08 EST 2000
Hi to all,

I have an interesting problem: I cannot do NAT (network address translation) when I use IPSec to secure a VPN tunneled through L2TP. The problem is simple to understand: NAT is actually a nice word for IP address spoofing, and IPSec, when it is used in tunnel mode, prevents IP address spoofing. That is why NAT does not work with IPSec (tunnel mode).

If I use IPSec transport mode it will solve the problem, but there is no RFC or white paper that implements IPSec in transport mode; there is no defined standard in IPSec that implements IPSec in transport mode. Is there a standard that can help, or an IPSec forum? The use of IPSec is growing rapidly; why has no one else had this problem?

I must do NAT and want to create VPNs over the Internet because of the cost benefit.

Now it creates the following scenario:

1) One cannot create an end-to-end VPN solution between two large networks that use NAT.
2) This means that you must cut the IPSec tunnel into pieces at every NAT box, creating a lot of points of attack. The ideal end-to-end security becomes impossible because of the lack of IPSec's NAT compatibility.

Are there maybe new standards (RFCs) for IPSec that I do not know of? If not, how can I overcome this?

Can anyone please help me or give me some advice?

Thanks,
Pieter
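
Added example (not part of the original post): a simplified Python model of the IPsec AH integrity check, showing that a NAT source-address rewrite fails verification while an ordinary TTL decrement does not. The key, SPI, sequence number, addresses and payload are constructed, and the ICV input is reduced to the IP header's immutable fields, the SPI, the sequence number and the payload.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed SA key for the example

def ipv4_header(src, dst, ttl, length):
    """20-byte IPv4 header, protocol 51 (AH); checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def mute(header):
    """Zero the fields AH treats as mutable in transit."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(header, payload):
    """HMAC-SHA1-96 over immutable header fields, SPI, sequence, payload."""
    data = mute(header) + struct.pack("!II", 0x1000, 1) + payload  # constructed SPI, seq
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def verify(header, payload, tag):
    return hmac.compare_digest(icv(header, payload), tag)

def router_hop(header):
    """Ordinary forwarding: only the TTL changes."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite(header, public_src):
    """Source NAT: the private source address is replaced."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(public_src)
    return bytes(h)

def demo():
    payload = b"constructed inner packet"
    hdr = ipv4_header("10.0.0.5", "198.51.100.20", 64, 20 + 24 + len(payload))
    tag = icv(hdr, payload)
    return (verify(hdr, payload, tag), verify(router_hop(hdr), payload, tag),
            verify(nat_rewrite(hdr, "203.0.113.7"), payload, tag))

if __name__ == "__main__":
    print(demo())
```

The tuple reports verification of the untouched packet, the packet after a router hop, and the packet after NAT, in that order.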
VPN is sponsored by SecurityFocus.COM