RG 1000 / IPSec

Jon Knight J.P.Knight at lboro.ac.uk
Thu Aug 16 22:50:06 EST 2001


On Thu, 16 Aug -1 snoop9 at hushmail.com wrote:
> Fall Version (7.2) image at www.wavelan.com
> claims that it auto enables IPSec as the
> transport when NAT is enabled.
> 
> Has anyone tried this?  I am a little confused
> about how they claim to do this.  When NATing
> the packet is disassembled and then reassebled.
> If they try this on an IPSec packet, will it
> not fail checksum tag?

Depends on the IPSec type in use.  One type checksums the payload of the
packet, the other checksums the whole packet.  You can NAT the former but
not the latter.  See the FreeSWAN docs at <URL:http://www.freeswan.org/>
for all the grizzly details.

Tatty bye,

Jim'll





More information about the wireless mailing list