PIX and VPNet
Nimesh Vakharia
nvakhari at GENX.NET
Tue Feb 20 13:25:41 EST 2001
Anyone out there with comments/experience with interoperating PIX and
VPNet VSU's? Any gotcha's?
Nimesh.
On Thu, 15 Feb 2001, Nimesh Vakharia wrote:
> IPSec goes NUTS when it gets nat'ed but it has no problem accepting
> traffic thats already nat'ed. For the device its just IP traffic.
>
> eg
>
> NAT'ed Device -------- VPN Device ------- Internet Cloud-->>>
>
> This setup works fine. This is feasible but its difficult to work it into
> an already existing implementation. U'r probably going to have a change in
> design/addressing changes, worry about single points of failures etc. But
> hey it works.
>
> People start freaking out when they see NAT and need VPN because there are
> a ton of problems with it. But the order is very important and dosen't get
> mentioned! NAT then VPN works... I think the "ORDER" seriously needs to be
> stressed a lot more.
>
> Nimesh.
>
> On Tue, 13 Feb 2001, Robert G Palmer Jr wrote:
>
> > What exactly do you mean by "it's a lot better to do it the other way
> > around" - NAT through IPSEC?
> >
> >
> > on 2/13/01 11:13 AM, Joel M Snyder at Joel.Snyder at OPUS1.COM wrote:
> >
> > > The short answer is that NAT is an evil thing and while it is possible
> > > to get IPSEC going through NAT, it's a lot better to do it the other way
> > > around.
> >
> > -----------------------------
> > Robert G. Palmer, Jr.
> > Product Engineer
> > robert.palmer at ipix.com
> > iPIX - The Leader in Dynamic Imaging
> > Phone: (865)-482-3000
> > http://www.ipix.com
> >
> > VPN is sponsored by SecurityFocus.COM
> >
>
> VPN is sponsored by SecurityFocus.COM
>
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list