A doubt on IPSEC & NAT
Nimesh Vakharia
nvakhari at GENX.NET
Thu Feb 15 22:01:45 EST 2001
IPSec goes NUTS when it gets nat'ed but it has no problem accepting
traffic that's already nat'ed. For the device it's just IP traffic.
e.g.
NAT'ed Device -------- VPN Device ------- Internet Cloud-->>>
This setup works fine. This is feasible but it's difficult to work it into
an already existing implementation. You're probably going to have a change in
design/addressing changes, worry about single points of failure etc. But
hey it works.
People start freaking out when they see NAT and need VPN because there are
a ton of problems with it. But the order is very important and doesn't get
mentioned! NAT then VPN works... I think the "ORDER" seriously needs to be
stressed a lot more.
Nimesh.
On Tue, 13 Feb 2001, Robert G Palmer Jr wrote:
> What exactly do you mean by "it's a lot better to do it the other way
> around" - NAT through IPSEC?
>
>
> on 2/13/01 11:13 AM, Joel M Snyder at Joel.Snyder at OPUS1.COM wrote:
>
> > The short answer is that NAT is an evil thing and while it is possible
> > to get IPSEC going through NAT, it's a lot better to do it the other way
> > around.
>
> -----------------------------
> Robert G. Palmer, Jr.
> Product Engineer
> robert.palmer at ipix.com
> iPIX - The Leader in Dynamic Imaging
> Phone: (865)-482-3000
> http://www.ipix.com
>
> VPN is sponsored by SecurityFocus.COM
>
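The ordering point in the message above, as an added example that is not part of the original post or thread: a simplified model of one reason the order matters, namely that the IPsec AH integrity check covers the IP source address, so a NAT rewrite after protection invalidates it. The key, addresses, payload, function names and the use of HMAC-SHA-256 over a reduced header are all assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"        # constructed; stands in for the SA key
INSIDE, PUBLIC, PEER = "10.0.0.5", "203.0.113.10", "198.51.100.20"  # constructed
DATA = b"constructed payload"


def icv(src, dst, payload):
    """HMAC over the IPv4 fields AH treats as immutable, plus the payload."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0,                     # version/IHL, TOS (mutable, zeroed)
        20 + len(payload), 0,        # total length, identification
        0, 0, 51, 0,                 # flags/frag, TTL, protocol 51 (AH), checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return hmac.new(KEY, header + payload, hashlib.sha256).digest()


def ah_protect(src, dst, payload):
    return {"src": src, "dst": dst, "payload": payload, "icv": icv(src, dst, payload)}


def nat(packet, public_src):
    """Source NAT: rewrite the source address and nothing else."""
    return {**packet, "src": public_src}


def ah_verify(packet):
    expected = icv(packet["src"], packet["dst"], packet["payload"])
    return hmac.compare_digest(expected, packet["icv"])


def nat_then_ipsec():
    # NAT'ed Device ---- VPN Device ---- Internet: translate first, then protect.
    translated = nat({"src": INSIDE, "dst": PEER, "payload": DATA}, PUBLIC)
    return ah_verify(ah_protect(translated["src"], translated["dst"], translated["payload"]))


def ipsec_then_nat():
    # Protect first, then let a NAT box rewrite the already-authenticated header.
    return ah_verify(nat(ah_protect(INSIDE, PEER, DATA), PUBLIC))


if __name__ == "__main__":
    print("NAT then IPsec verifies:", nat_then_ipsec())
    print("IPsec then NAT verifies:", ipsec_then_nat())
```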