Security Basics mailing list archives

RE: Comcast and IPSec traffic


From: "J. Oquendo" <segment () antioffline com>
Date: Tue, 16 Sep 2003 17:07:18 -0400

As per the CCIE Routing TCP/IP vol2 book page 346 Encryption paragraph:

for NAT to function, neither the IP addresses nor any information
derived from them (such as the TCP header checksum) can be encrypted.

Another concern is VPNs using, for example, IPSec. With certain modes
of IPSec, if an IP address is changed in an IPSec packet, the IPSec
becomes meaningless and the VPN is broken. When ANY sort of encryption 
is used, you must place the NAT on the secure side rather than the
encrypted path...

***********************************************************************
One of the things you should think about is whether or not Comcast is
setting you up under NAT when you didn't want to be running under NAT.
Sounds confusing even as I type this, but say you've signed up for,
say, a static IP connection... And they're NAT'ed; this saves Comcast
nothing because they're not in charge of your own network, however you
set it up. Maybe they're just filtering something without your consent,
who knows...



-----------------------------------------------------------------------
Hi all,
    This goes back to a fairly old thread (8/13, not that old).  Mark, you
sent an email asking if anyone had noticed Comcast blocking IPSec traffic.
    Well, guess what Comcast has started advertising.  Comcast is now
offering "High-Speed Internet Pro" service.  It offers an "even faster
connection."  And among other things, they list "VPN Compatible" on their
benefits.
    I guess that answers your question about whether they are blocking IPSec
traffic.

-Greg
-----------------------------------------------------------------------


-- 
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`

Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com

PGP Fingerprint
39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0

http://www.antioffline.com
http://www.politrix.org

"You're free. And freedom is beautiful. And, you know, 
it'll take time to restore chaos and order, order out
of chaos. But we will." George W. Bush Washington, 
D.C., April 13, 2003
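
Added example (not part of the original message or of the book it quotes): a Python sketch of why a NAT address rewrite conflicts with IPSec, as the quoted paragraph describes. The addresses, key and TCP segment are constructed, and `ah_style_icv` is a simplified stand-in for the AH integrity check (real AH covers the whole IP header with its mutable fields zeroed).

```python
import hashlib, hmac, socket, struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """TCP checksum over the pseudo-header (src, dst, 0, proto 6, length) plus segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return inet_checksum(pseudo + segment)

def ah_style_icv(key: bytes, src: str, dst: str, payload: bytes) -> bytes:
    """Simplified AH-style ICV: HMAC-SHA1 truncated to 96 bits over both addresses and payload."""
    covered = socket.inet_aton(src) + socket.inet_aton(dst) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:12]

def nat_demo() -> dict:
    # Constructed sample values (RFC 1918 / documentation address ranges).
    inside, outside, peer = "192.168.1.10", "203.0.113.7", "198.51.100.20"
    key = b"constructed-sa-key"
    # Constructed 20-byte TCP header (SYN, checksum field zero) plus 5 payload bytes.
    segment = struct.pack("!HHLLBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + b"hello"

    # 1. The TCP checksum is derived from the IP addresses, so a NAT must rewrite it.
    #    Inside transport-mode ESP the TCP header is encrypted and the NAT cannot.
    sent = tcp_checksum(inside, peer, segment)
    needed_after_nat = tcp_checksum(outside, peer, segment)

    # 2. An integrity check that covers the source address fails once NAT changes it.
    icv = ah_style_icv(key, inside, peer, segment)
    verifies = hmac.compare_digest(icv, ah_style_icv(key, outside, peer, segment))

    return {"checksum_sent": sent, "checksum_needed_after_nat": needed_after_nat,
            "icv_verifies_after_nat": verifies}

if __name__ == "__main__":
    print(nat_demo())
```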
