Re: linux-ipsec: VS: IP tunnel over a NAT (IP masq) possible ?

["Steven M. Bellovin" <smb () research att com>]

In message <Pine.LNX.3.96.990720075946.30616E-100000 () gypsy rubyriver com>, "Joh
n D. Hardin" writes:
> On Tue, 20 Jul 1999 O.Schnapauff () tu-bs de wrote:
>
> > As John already pointed out he is working on NAT for IPSec traffic
>
> NB- I think I've taken IPSec masquerade about as far as it can be
> taken without attempting to communicate with the endpoint gateways or
> act as an intelligent proxy and participate in any of the encryption.

For a different approach to firewalls and IPsec, see 
http://www.research.att.com/~smb/papers/distfw.ps or 
http://www.research.att.com/~smb/papers/distfw.pdf.