Firewall Wizards mailing list archives
ipsec nat traversal-conclude
From: SimonChan () lifeisgreat com sg
Date: Mon, 3 Mar 2003 21:23:57 +0800
Hi all,

Having gone over various sources, I've come to this conclusion for the following scenario:

IPsec Client------ FW Nat (nat) ---- FW/VPN Nat(nat) ------Lan

(the 2nd FW/VPN has a public IP which is static NATted by the 1st FW)

The IPsec client can only connect to the terminating VPN gateway behind the 1st FW on the following conditions:

* the IPsec is using ESP transport (does not encrypt the IP header, only the payload)
  (ESP tunnel will encrypt the IP header, AH will perform a hash on the IP header, causing NAT to fail)

Some queries still bugging me.

* I have a suggestion to open IP protocol 50-ESP and 51-AH and UDP 500-IKE. Is this sufficient?
* Some VPN clients, e.g. SecuRemote, can encapsulate IPsec packets in another layer of UDP so any NAT along the path doesn't try to alter the IP header.

Are the above 2 methods an alternative to IPsec NAT traversal?

Tks.

Rgds,
Simon
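The AH and ESP integrity coverage raised in the message above, as an added example that is not part of the original post: a simplified model of which bytes each integrity check value (ICV) covers, run against a source-NAT rewrite. The key, addresses, SPI and payloads are constructed, HMAC-SHA-256 stands in for the negotiated algorithm, and the AH header fields and ESP encryption are not modelled.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed; a real SA gets its keys from IKE
ICV_LEN = 12

def mac(data):
    # HMAC-SHA-256 truncated to 12 bytes, a stand-in for the negotiated algorithm
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ipv4_header(src, dst, proto, body_len, ttl=64):
    # 20-byte header without options; header checksum left at zero in this model
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_input(packet):
    # AH covers the IP header with its mutable fields zeroed, then the payload
    hdr = bytearray(packet[:20])
    for i in (1, 6, 7, 8, 10, 11):   # TOS, flags/fragment offset, TTL, checksum
        hdr[i] = 0
    return bytes(hdr) + packet[20 + ICV_LEN:]

def build_ah(src, dst, payload):
    hdr = ipv4_header(src, dst, 51, ICV_LEN + len(payload))
    return hdr + mac(ah_input(hdr + bytes(ICV_LEN) + payload)) + payload

def verify_ah(packet):
    return hmac.compare_digest(packet[20:20 + ICV_LEN], mac(ah_input(packet)))

def build_esp(src, dst, spi, seq, ciphertext):
    # ESP's ICV covers SPI, sequence number and ciphertext, not the outer header
    body = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_header(src, dst, 50, len(body) + ICV_LEN) + body + mac(body)

def verify_esp(packet):
    return hmac.compare_digest(packet[-ICV_LEN:], mac(packet[20:-ICV_LEN]))

def source_nat(packet, new_src):
    # a NAT device rewrites the source address, bytes 12..15 of the IPv4 header
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

def decrement_ttl(packet):
    # an ordinary router hop: TTL is a mutable field, excluded from the AH ICV
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def demo():
    nat_ip = "198.51.100.7"   # constructed public address of the NAT device
    ah = build_ah("10.0.0.5", "203.0.113.10", b"constructed payload")
    esp = build_esp("10.0.0.5", "203.0.113.10", 0x1001, 1, b"constructed ciphertext")
    return (verify_ah(decrement_ttl(ah)), verify_ah(source_nat(ah, nat_ip)),
            verify_esp(source_nat(esp, nat_ip)))
```

demo() returns the verification result for AH after a plain router hop, AH after source NAT, and ESP after source NAT, in that order.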