Firewall Wizards mailing list archives

RE: Placement of a VPN Appliance

From: Ben Nagy <ben.nagy () marconi com au>
Date: Fri, 5 Jan 2001 08:47:19 +1030

UDP encapsulated IPsec? Could you elaborate or direct me to 
where I can find
more about this?


Not much to say, really. The concept is that you take the IPSec packet
you're about to send and wrap it in another UDP packet. All NAT etc gets
performed on the outer UDP wrapper. When the other VPN device receives the
packet it discards the wrapper and looks at the IP addressing on the IPSec
packet within - which will typically have private src/dest IPs.

What vendors are doing this


Checkpoint and Cisco (for their VPN concentrators only, at this stage, I
think) at least.

(I assume to 
allow VPNs to work
through NAT firewalls?)?


Yup.

thanks!

johnS


Cheers,

--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Placement of a VPN Appliance Crist Clark (Jan 03)
- <Possible follow-ups>
- RE: Placement of a VPN Appliance Ben Nagy (Jan 03)
  - Re: Placement of a VPN Appliance Crist Clark (Jan 03)
- Re: Placement of a VPN Appliance Jeffery . Gieser (Jan 04)
- Re: Placement of a VPN Appliance Bill_Royds (Jan 04)
- RE: Placement of a VPN Appliance Stewart, John (Jan 04)
- RE: Placement of a VPN Appliance Bob . Eichler (Jan 04)
- RE: Placement of a VPN Appliance Jeffery . Gieser (Jan 04)
- RE: Placement of a VPN Appliance Ben Nagy (Jan 04)
- RE: Placement of a VPN Appliance Ben Nagy (Jan 04)
- Re: Placement of a VPN Appliance dharris (Jan 04)
  - Re: Placement of a VPN Appliance R. DuFresne (Jan 05)
    - Re: Placement of a VPN Appliance JB (Jan 08)
- RE: Placement of a VPN Appliance David Bovee (Jan 05)
- Re: Placement of a VPN Appliance Jeffery . Gieser (Jan 05)
- Re: Placement of a VPN Appliance dharris (Jan 05)