RE: Encryption through NAT and State table

["Firegoblin Postmaster" <postmaster () firegoblin com>]

Almost forgot (well did actually), if they're using NAT you cannot use IPSec
with AH enabled.

The packet headers will be signed with the RFC1918 IP addresses, but will be
received by the remote node with the 'Internet' addresses substituted - thus
the signature will be 'wrong' and the packets will be rejected.


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------