Re: [fw-wiz] ipsec nat transversal
From: Patrick M. Hausen (hausen@punkt.de)
Date: 02/20/03
- In reply to: SimonChan@lifeisgreat.com.sg: "[fw-wiz] ipsec nat transversal"
From: "Patrick M. Hausen" <hausen@punkt.de>
To: SimonChan@lifeisgreat.com.sg
Date: Thu, 20 Feb 2003 10:12:48 +0100 (CET)
Hi!
> I have an existing Firewall / VPN gateway and we have remote users vpn
> client connecting to it.
>
> We are in the process of putting an additional firewall in front of the
> existing firewall.
> If both Firewalls are running NAT, can the remote vpn client connect to the
> 2nd Firewall.
>
> I understand that the term "ipsec Nat transversal" function is required on
> the 1st firewall
> in order to allow IPSec traffic to pass through.
>
> Is that Correct ?
Both the VPN client and your existing firewall need to support
that. NAT traversal is an IETF draft proposing to encapsulate
IPSec packets in another layer of UDP so any NAT along the path
doesn't try to alter the IP header (which is protected by AH).
Look here:
http://www.sandelman.ottawa.on.ca/ipsec/2000/07/msg00109.html
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt
This is what google gave me at the first try, you may need to search
a little more.
HTH,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Scheffelstr. 17 a Tel. 0721 9109 -0 Fax: -100
76135 Karlsruhe http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
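An added illustration, not part of the original message: a simplified Python model of why a NAT address rewrite invalidates an AH integrity check, while ESP carried inside UDP still verifies after the same rewrite. The key, addresses, SPI, ports and function names are constructed for the example (UDP 4500 is the port used by the later RFC 3947/3948 form of NAT-T), and the AH header itself is left out of the ICV input for brevity.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-sa-key"  # constructed integrity key shared by both peers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left at 0 for brevity.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def nat_rewrite_src(header, new_src):
    # What a source NAT does to the outer IP header.
    return header[:12] + socket.inet_aton(new_src) + header[16:]

def ah_icv(header, payload):
    # AH-style ICV: mutable fields (TOS, flags/offset, TTL, checksum) are
    # zeroed, but the source and destination addresses stay covered.
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha1).digest()[:12]

def esp_icv(esp_packet):
    # ESP-style ICV: covers SPI, sequence number and body, never the outer header.
    return hmac.new(KEY, esp_packet, hashlib.sha1).digest()[:12]

def survives_nat(mode, nat_ip="203.0.113.7"):
    payload = b"constructed inner packet"
    if mode == "ah":
        hdr = ipv4_header("10.0.0.5", "198.51.100.1", 51, len(payload))
        sent_icv = ah_icv(hdr, payload)
        hdr = nat_rewrite_src(hdr, nat_ip)
        return hmac.compare_digest(sent_icv, ah_icv(hdr, payload))
    esp = struct.pack("!II", 0x1001, 1) + payload  # SPI, seq, body (unencrypted here)
    sent_icv = esp_icv(esp)
    udp = struct.pack("!HHHH", 4500, 4500, 8 + len(esp), 0) + esp
    hdr = nat_rewrite_src(ipv4_header("10.0.0.5", "198.51.100.1", 17, len(udp)), nat_ip)
    udp = struct.pack("!H", 31022) + udp[2:]  # NAPT rewrites the source port too
    return hdr[12:16] == socket.inet_aton(nat_ip) and hmac.compare_digest(sent_icv, esp_icv(udp[8:]))

if __name__ == "__main__":
    for mode in ("ah", "udp-esp"):
        print(mode, "ICV valid after NAT:", survives_nat(mode))
```

For the front firewall this means the traffic to permit and log is plain UDP between client and gateway, rather than IP protocol 50 or 51.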