Pantek Library

Re: linux-ipsec: IPSec & NAT

From: Al Youngwerth <alberty(at)apexxtech.com>
Date: Fri Oct 09 1998 - 18:52:48 EDT

At 10:45 PM 10/8/98 -0400, you wrote:
>> I would appreciate your thoughts on NAT and IPSec...

Principally, NAT relies on being able to understand source and destination IP addresses and port numbers to route packets correctly. However, some applications, especially those that open reverse connections (ftp and others), require inspection of the data stream to work correctly.

>
>The fundamental incompatibility means that you just don't get end-to-end

My knowledge of the IPSEC protocol is very limited (encryption, right?). I know a little about NAT (at least Linux masquerading). But here's a data point from Bay Networking's web site section on their Instant Internet product, an IPX/IP NAT router:

"Use the Internet as a Virtual Private Network (VPN) Communicate privately and securely across the Internet using Instant Internet's VPN support. Instant Internet allows IPSec ESP tunneling through NAT providing end-to-end encryption for sensitive office-to-office traffic when using a VPN client such as the one provided with the Bay Networks Contivity product."

I haven't had the time to explore this far enough to determine the feasibility, but my guess is that it is doable.

If anyone out there is interested in working on an IPSEC NAT module, I can offer my limited expertise in Linux masquerading modules. But I would need some help on understanding the whole IPSEC packet exchange process.

Anyone interested?

Al Youngwerth
alberty@apexxtech.com

Received on Fri Oct 9 19:44:03 1998
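
The data-stream inspection mentioned in the message, shown for FTP's PORT command as an added example (not part of the original message and not code from any Linux masquerading module). The class name, addresses and port range are assumptions, and the XOR-scrambled bytes are a constructed stand-in for an encrypted payload, not real ESP.

```python
import re

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2\r\n
PORT_RE = re.compile(
    rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


class FtpNatHelper:
    """Toy model of a NAT helper for the FTP control channel (hypothetical)."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.expected = {}  # public port -> (private ip, private port)

    def rewrite(self, payload):
        """Return the payload as it should leave the NAT's public side."""
        m = PORT_RE.search(payload)
        if m is None:
            # No PORT command visible: either there is none, or the payload
            # is encrypted and the helper has nothing it can inspect.
            return payload
        f = [int(x) for x in m.groups()]
        if any(v > 255 for v in f):
            return payload  # malformed field, leave untouched
        private = (".".join(map(str, f[:4])), f[4] * 256 + f[5])
        public_port = self.next_port
        self.next_port += 1
        # Remember the mapping so the server's reverse connection can be
        # forwarded to the inside host.
        self.expected[public_port] = private
        new = "PORT {},{},{}\r\n".format(
            self.public_ip.replace(".", ","),
            public_port >> 8, public_port & 0xFF).encode()
        return payload[:m.start()] + new + payload[m.end():]


# Constructed sample: a client at 192.168.1.10 announcing data port 1027.
CLEARTEXT = b"PORT 192,168,1,10,4,3\r\n"
# Constructed stand-in for the same bytes after encryption (not real ESP).
OPAQUE = bytes(b ^ 0xA5 for b in CLEARTEXT)

if __name__ == "__main__":
    nat = FtpNatHelper("203.0.113.5")
    print(nat.rewrite(CLEARTEXT))           # private address replaced
    print(nat.rewrite(OPAQUE) == OPAQUE)    # nothing to rewrite
    print(nat.expected)
```

A real helper also has to adjust TCP sequence numbers and checksums when the rewritten command changes length.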

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:03 EDT

