
Re: on NAT-PT



> >has any way been found as yet to accomplish end to end ipsec with nat? if
> >not, will this require a modification in the way ipsec ah and ipsec esp
> >work or will nat-pt have to be revised altogether (which i don't
> >think is a very good proposition)? i think an urgent solution to this is
> >required if nat/napt-pt is to be used at a larger scale.
>
> ipsec does not work over NAT.  period.
> (there are efforts in ipsec wg, but...)
>
Some routers support IPsec pass-through mode and work fine (at least
in my limited experience) with ESP tunnel mode. As far as I can tell, no
one cares about AH. IPsec pass-through mode seems to work fine for home
scenarios (my PC behind the NAT establishing an IPsec ESP tunnel to the
corporate). Its limitations might prevent its use at large scale, though.

-mohan


> itojun
>
>