Firewall Wizards mailing list archives
Re: IP tunnel over a NAT (IP masq) possible ?
From: Steven Brown <sbrown () cw net>
Date: Fri, 16 Jul 1999 18:03:06 -0400 (EDT)
Hi Otel,

Can't tell you about all products, but many will not work with many-to-one NAT; they have problems after the IP headers are changed. Usually the key exchange works, then the device (whatever it is) will not pass the following packets. (If anyone knows different, please add your comments; I'm working on that right now, and in the mix is an assortment of NAT, proxy and hardware devices.)

I know CheckPoint Secure Remote will not work, and I've heard many incompatibility stories using AOL as transport, since they write a modified TCP/IP stack.

Someone made a mention, though, that if you use a public routable IP address space, and have the NAT proxy doing IP forwarding, and use encryption, not encapsulation, that may work.

Sincerely,
Steve

On Fri, 16 Jul 1999, Otel Florian-Daniel wrote:
> Hello everybody,
>
> I have the following problem: I have a machine behind a NAT performing
> one-to-many address translation (inside: Net 10. outside: only one IP
> addr). What I would like to do is to set up an IP tunnel from one of the
> inside machines (the "client") to a remote machine (i.e. beyond NAT)
> (the "server"), such that after the tunnel setup the inside machine
> appears to be virtually attached to the remote net.
>
> Requirements:
>
> - As is implied, I don't have administrative control over the NAT
>   (otherwise e.g. I could simply attach the client beyond it and use
>   `ordinary` IP tunneling)
> - The tunnel is encrypted (overhead issues irrelevant for the time being)
> - The tunnel is set up on demand, in a client-server fashion (e.g.
>   tunneling over a TCP connection).
> - The operating system: Linux
>
> Any ideas and suggestions are welcome.
>
> Many thanks,
> Florian
>
> P.S.: Maybe these were not the most appropriate forums in which to ask.
> If that is the case, apologies in advance. Any hint in this respect will
> be appreciated.
Steven A. Brown, MBA., CCSA, CCSE, VPN/Firewall & Internet Security Engineer
Cable&Wireless, 6400 Weston Pkwy, 3rd. FL
Research Triangle Park, NC, 27513
Author: Implementing Virtual Private Networks, McGraw-Hill
CoAuthor: CheckPoint Firewall-1, McGraw-Hill
sbrown () cw net, Steven.Brown () cwusa com