[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: on NAT-PT
> >has any way been found as yet to accomplish end to end ipsec with nat.if
> >not, will this require a modification in the way ipsec ah and ipsec esp
> >works or will nat-pt will have to be revised alltogether (which i don't
> >think is a very good proposition)? i think an urgent solution to this is
> >required if nat/napt-pt is to be used at a larger scale.
>
> ipsec does not work over NAT. period.
> (there are efforts in ipsec wg, but...)
>
Some of the routers supports IPsec pass through mode and works fine (at
least
with my limited experience) with ESP tunnel mode. As far as i can tell no
one
cares about AH. IPsec pass through mode seems to work fine for home
scenarios
(my PC behind the NAT establishing a IPsec ESP tunnel to the corporate). Its
limitations
might prevent its use in large scale though.
-mohan
-mohan
> itojun
>
>