Firewall Wizards mailing list archives
VS: IP tunnel over a NAT (IP masq) possible ?
From: "Pekka Turunen" <pekka.turunen () netseal com>
Date: Mon, 19 Jul 1999 14:18:55 +0300
> Hello everybody,
>
> I have the following problem: I have a machine behind a NAT performing one-to-many address translation (inside: Net 10. outside: only one IP addr). What I would like to do is to set up an IP tunnel from one of the inside machines (the "client") to a remote machine (i.e. beyond NAT) (the "server"), such that after the tunnel setup the inside machine appears to be virtually attached to the remote net.
>
> Any ideas and suggestions are welcomed.
>
> Many thanks,
> Florian
Hello Florian!

We have studied the NAT problem and developed a solution for it. We have applied for a patent for this solution, which is called FireSeal. With FireSeal the firewall isn't required to decrypt the packets. Nevertheless the traffic can be fully controlled - dynamically.

The FireSeal system consists of two main components. The Client component works as a part of the IPSec - or any other security application, inside the company network boundaries, whereas the server component is attached to the firewall.

The process of controlling secured network traffic can be divided into three steps:

1. The client part of FireSeal sends parameters concerning the connection to the firewall (IP address, protocol used etc.).
2. The firewall decides if the connection is allowed (the firewall's normal control mechanisms are used). If the connection is accepted then the firewall sends to the client the needed parameters for the connection (i.e. the NAT transform parameters and a SPI number, which identifies the approved connection).
3. The client does the NAT transformation and sends the data. The data passes through the firewall if the SPI matches the ones in the firewall.

I.e. the firewall can use its normal policies to decide whether or not to let the traffic pass through. In regard to applications needing secure communications, FireSeal is completely invisible.

Yours sincerely,
Pekka Turunen

NetSeal Technologies - Complete Network Security
Pekka Turunen
pekka.turunen () netseal com
www.netseal.com
phone +358-9-4375-428
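The three steps described in the message above can be modelled as a firewall table keyed by SPI. This is an added illustration, not part of the original post and not FireSeal's protocol or code: the class names, message fields, policy format and addresses are all assumptions.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:                 # step 1: connection parameters (field names assumed)
    inside_ip: str
    remote_ip: str
    protocol: str

@dataclass(frozen=True)
class Grant:                   # step 2: NAT transform parameter plus approved SPI
    spi: int
    outside_ip: str

class Firewall:
    def __init__(self, outside_ip, allowed):
        self.outside_ip = outside_ip
        self.allowed = allowed          # policy: permitted (remote_ip, protocol) pairs
        self.table = {}                 # spi -> approved Request

    def authorize(self, req):
        """Step 2: apply normal policy; on accept, hand out a fresh SPI."""
        if (req.remote_ip, req.protocol) not in self.allowed:
            return None
        spi = secrets.randbits(32)
        while spi < 256 or spi in self.table:   # SPIs 0-255 are reserved in IPsec
            spi = secrets.randbits(32)
        self.table[spi] = req
        return Grant(spi, self.outside_ip)

    def forward(self, pkt):
        """Pass an encrypted packet only if its cleartext header matches a grant.
        The payload is never inspected or decrypted."""
        req = self.table.get(pkt["spi"])
        return (req is not None and pkt["src"] == self.outside_ip
                and pkt["dst"] == req.remote_ip)

    def revoke(self, spi):
        """Dynamic control: dropping the entry blocks further traffic."""
        self.table.pop(spi, None)

def client_send(req, grant, ciphertext):
    """Step 3: the client applies the NAT transform itself before sending."""
    return {"src": grant.outside_ip, "dst": req.remote_ip,
            "spi": grant.spi, "payload": ciphertext}

def demo():
    # Constructed sample values (documentation address ranges).
    fw = Firewall("203.0.113.1", {("198.51.100.7", "esp")})
    req = Request("10.0.0.5", "198.51.100.7", "esp")
    grant = fw.authorize(req)
    pkt = client_send(req, grant, b"\x00" * 16)
    return fw, grant, pkt
```

Because the decision rests only on the SPI and addresses, the firewall in this model distinguishes inside clients sharing one outside address without port numbers and without access to keys.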