[BAWUG] RG 1000 / IPSec

Adam Burns vortex at free2air.net
Fri Aug 17 02:54:52 EST 2001


The major problem with IPsec & NAT'ing is IKE. IPsec ESP can be NAT'ed (but 
don't you be trying AH coz it ain't gonna work!) because the data integrity 
is performed on the encapsulated packet, not the header.

With many-to-one port translation style NAT'ing, port 500 to port 500 
communications get mangled. 'Fudged' Internal UDP state tables can fix this.

hope this helps,

.vortex

On Wednesday 31 December 1969 07:00 pm, snoop9 at hushmail.com wrote:
> Fall Version (7.2) image at www.wavelan.com
> claims that it auto enables IPSec as the
> transport when NAT is enabled.
>
> Has anyone tried this?  I am a little confused
> about how they claim to do this.  When NATing
> the packet is disassembled and then reassembled.
> If they try this on an IPSec packet, will it
> not fail checksum tag?
>
> Thanks

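Added example, not part of the original thread: a simplified Python model of the integrity coverage discussed in the reply above, showing why a source-address rewrite breaks AH verification but not ESP. The key, addresses, SPI and payload are constructed sample values, and the model assumes HMAC-SHA1-96 and leaves out the AH header's own fields.

```python
import hashlib
import hmac
import socket
import struct

AH, ESP = 51, 50                   # IP protocol numbers
FMT = "!BBHHHBBH4s4s"              # 20-byte IPv4 header without options
KEY = b"constructed-sample-key"    # constructed, stands in for the SA auth key

def mac(data):
    """HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def compute_icv(proto, hdr, body):
    """Integrity check value as each protocol scopes it (simplified)."""
    if proto == AH:
        # AH covers the outer IP header with the mutable fields zeroed
        # (TOS, flags/offset, TTL, checksum); the addresses stay in.
        v, _tos, length, ident, _frag, _ttl, p, _ck, src, dst = struct.unpack(FMT, hdr)
        return mac(struct.pack(FMT, v, 0, length, ident, 0, 0, p, 0, src, dst) + body)
    # ESP covers only the ESP header (SPI, sequence) and the encapsulated data.
    return mac(body)

def forward(hdr, new_src=None):
    """In-path hop: decrement TTL; a NAT device also replaces the source."""
    src = socket.inet_aton(new_src) if new_src else hdr[12:16]
    return hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:12] + src + hdr[16:]

def verifies_after(proto, nat):
    """Sender computes the ICV, the packet is forwarded, receiver recomputes."""
    body = struct.pack("!II", 0x1000, 1) + b"constructed encapsulated packet"
    hdr = struct.pack(FMT, 0x45, 0, 20 + len(body), 0x1234, 0, 64, proto, 0,
                      socket.inet_aton("192.168.1.10"),
                      socket.inet_aton("203.0.113.5"))
    sent_icv = compute_icv(proto, hdr, body)
    received = forward(hdr, "198.51.100.7" if nat else None)
    return hmac.compare_digest(sent_icv, compute_icv(proto, received, body))

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        for nat in (False, True):
            print(f"{name:3} nat={nat!s:5} verifies={verifies_after(proto, nat)}")
```
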