Firewall Wizards mailing list archives
Re: ipsec nat transversal
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Thu, 20 Feb 2003 10:12:48 +0100 (CET)
Hi!
I have an existing Firewall / VPN gateway and we have remote users' VPN clients connecting to it. We are in the process of putting an additional firewall in front of the existing firewall. If both Firewalls are running NAT, can the remote VPN client connect to the 2nd Firewall? I understand that the term "ipsec NAT transversal" function is required on the 1st firewall in order to allow IPSec traffic to pass through. Is that correct?
Both the VPN client and your existing firewall need to support that. NAT traversal is an IETF draft proposing to encapsulate IPSec packets in another layer of UDP so any NAT along the path doesn't try to alter the IP header (which is protected by AH).

Look here:

http://www.sandelman.ottawa.on.ca/ipsec/2000/07/msg00109.html
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-05.txt

This is what Google gave me at the first try, you may need to search a little more.

HTH,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Scheffelstr. 17 a Tel. 0721 9109 -0 Fax: -100
76135 Karlsruhe http://punkt.de
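The UDP encapsulation described in the reply above, shown from the point of view of a firewall or sensor inspecting the traffic. This is an added example, not part of the original post. It assumes the framing as later standardized in RFC 3947/3948 (UDP port 4500, a four-zero-byte marker before IKE, a one-byte 0xFF keepalive), which postdates the draft linked in the post; the function names and sample payloads are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500                      # assumed: port from RFC 3947/3948, not stated in the post
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # four zero bytes precede IKE on this port
IKE_HEADER = struct.Struct("!8s8sBBBBII")  # fixed 28-byte ISAKMP/IKE header


def classify_nat_t_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram seen on port 4500."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "shorter than SPI/marker"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        init_spi, _resp, _np, version, exchange, _flags, _mid, length = IKE_HEADER.unpack_from(ike)
        if length != len(ike):
            return {"kind": "malformed", "reason": "IKE length field mismatch"}
        return {"kind": "ike", "version": f"{version >> 4}.{version & 0xF}",
                "exchange_type": exchange, "initiator_spi": init_spi.hex()}
    # Anything else starts with a non-zero SPI: ESP carried inside UDP.
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq, "ciphertext_len": len(payload) - 8}


def constructed_samples() -> dict:
    """Hand-built payloads (constructed for this example, not captured traffic)."""
    ike = IKE_HEADER.pack(bytes(range(1, 9)), bytes(8), 1, 0x10, 2, 0, 0, 28)
    esp = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)
    return {"keepalive": b"\xff", "ike": NON_ESP_MARKER + ike, "esp": esp}


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, classify_nat_t_payload(data))
```

Because the NAT devices only ever see ordinary UDP datagrams, the front firewall needs to pass and track UDP for this flow rather than IP protocol 50 (ESP).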
Current thread:
- ipsec nat transversal SimonChan (Feb 18)
- Re: ipsec nat transversal Patrick M. Hausen (Feb 20)