Firewall Wizards mailing list archives
IPsec and NAT [was: Placement of a VPN Appliance]
From: Valerie Anne Bubb <bubbva () incog com>
Date: Fri, 5 Jan 2001 17:48:22 -0800 (PST)
From: Ben Nagy <ben.nagy () marconi com au>
Subject: RE: [fw-wiz] Placement of a VPN Appliance
Date: Fri, 5 Jan 2001 08:47:19 +1030

UDP encapsulated IPsec? Could you elaborate or direct me to where I can find more about this?

Not much to say, really. The concept is that you take the IPSec packet you're about to send and wrap it in another UDP packet. All NAT etc gets performed on the outer UDP wrapper. When the other VPN device receives the packet it discards the wrapper and looks at the IP addressing on the IPSec packet within - which will typically have private src/dest IPs.

Is this all done by the same device? That is, is one device encrypting, adding the UDP header, and doing the NAT? That seems like a lot of extra work, and also requires another machine compatible with your way of wrapping it in a UDP packet at the other end (instead of any IPsec VPN product to any other brand's IPsec VPN product).

This would seem to make NAT useless in scenarios where you and your partner have overlapping IP addresses on your internal networks (or, as is often seen when one company absorbs another), or am I missing something?

Now, if this is just used in the context we were previously discussing, when the VPN host and the NAT box are two separate boxes, that would make more sense. (and would be a very good reason for doing your VPN and NAT with one product on the same box).

thanks
Valerie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
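
The wrapping discussed in this message, as an added sketch that is not part of the original thread and not any vendor's implementation: a NAT step rewrites only the outer IP/UDP wrapper, and the receiver recovers the inner packet with its private addresses unchanged. All addresses, the UDP port 5000 and the ESP bytes are constructed for illustration, and checksums are left at zero.

```python
import socket
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (assumption, for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def udp_wrap(inner, src, dst, sport, dport):
    """Sender: place the whole IPsec packet inside an outer IP/UDP wrapper."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(inner), 0) + inner
    return ipv4_header(src, dst, UDP, len(udp)) + udp

def nat_rewrite(packet, public_ip, public_port):
    """NAT box: rewrite only the outer source address and UDP source port."""
    return (packet[:12] + socket.inet_aton(public_ip) + packet[16:20]
            + struct.pack("!H", public_port) + packet[22:])

def udp_unwrap(packet):
    """Receiver: discard the wrapper, return (outer source IP, inner packet)."""
    if packet[9] != UDP:
        raise ValueError("not UDP-encapsulated")
    ihl = (packet[0] & 0x0F) * 4
    return socket.inet_ntoa(packet[12:16]), packet[ihl + 8:]

def addresses(packet):
    """Source and destination addresses from an IPv4 header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def demo():
    # Constructed sample: SPI, sequence number and zero bytes stand in for ESP data.
    esp = struct.pack("!II", 0x1001, 1) + b"\x00" * 32
    inner = ipv4_header("10.1.1.5", "10.2.2.9", ESP, len(esp)) + esp
    sent = udp_wrap(inner, "192.168.0.2", "203.0.113.10", 5000, 5000)
    on_wire = nat_rewrite(sent, "198.51.100.7", 61000)
    outer_src, received = udp_unwrap(on_wire)
    return outer_src, addresses(received), received == inner

if __name__ == "__main__":
    print(demo())
```

The inner addresses come out exactly as they went in, so the NAT step here does nothing to resolve overlapping private ranges between the two sites.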