[BAWUG] RG 1000 / IPSec

Adam Burns vortex at free2air.net
Fri Aug 17 02:54:52 EST 2001

The major problem with IPsec & NAT'ing is IKE. IPsec ESP can be NAT'ed (but 
don't you be trying AH coz it ain't gonna work!) because the data integrity 
is performed on the encapsulated packet, not the header.

With many-to-one port translation style NAT'ing, port 500 to port 500 
communications get mangled. 'Fudged' Internal UDP state tables can fix this.

hope this helps,


On Wednesday 31 December 1969 07:00 pm, snoop9 at hushmail.com wrote:
> Fall Version (7.2) image at www.wavelan.com
> claims that it auto enables IPSec as the
> transport when NAT is enabled.
> Has anyone tried this?  I am a little confused
> about how they claim to do this.  When NATing
> the packet is disassembled and then reassebled.
> If they try this on an IPSec packet, will it
> not fail checksum tag?
> Thanks
> Version: Hush 2.0
> wlsEARECABsFAjt7q/4UHHNub29wOUBodXNobWFpbC5jb20ACgkQcINCEeyS3lwZEACe
> Phh0adWueshfeqM7NlmIj7cyKnYAoJdfoeqg71jB0vtUvCnFhRTdImai
> =eEUV
> Free, secure Web-based email, now OpenPGP compliant - www.hushmail.com
> --
> general wireless list, a bawug thing <http://www.bawug.org/>
> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

More information about the wireless mailing list