Hakan Olsson wrote:
>In my experience this never works, or at least not well.
While I agree that playing with NAT and IPSec at the same time
is the last solution that should be used, sometimes this is
really handy. I'm using redirections (rdr on enc0 -> anotherIp)
for production servers and it works very well.
>Design bugs should not be solved by code.
There are applications where you want to use IPSec for its
security, but you don't want to use tunneling to expose all
of your internal network structure. For example if you want
to talk between 2 private networks in a secure way, with the
two networks in 2 different companies. Heck, both companies
could even both use the same 192.168.1/24 addressing!
In that case, the only way is to use NAT.
Cedric
Received on Thu Jun 26 06:51:03 2003