Security Basics mailing list archives
RE: Encryption through NAT and State table
From: "Firegoblin Postmaster" <postmaster () firegoblin com>
Date: Fri, 13 Jun 2003 17:17:26 +0100
Almost forgot (well did actually), if they're using NAT you cannot use IPSec with AH enabled. The packet headers will be signed with the RFC1918 IP addresses, but will be received by the remote node with the 'Internet' addresses substituted - thus the signature will be 'wrong' and the packets will be rejected. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Encryption through NAT and State table Gwydion Mine (Jun 13)
- RE: Encryption through NAT and State table Firegoblin Postmaster (Jun 13)
- RE: Encryption through NAT and State table Firegoblin Postmaster (Jun 13)
- RE: Encryption through NAT and State table Firegoblin Postmaster (Jun 13)