nanog mailing list archives
IPSEC and PAT
From: Vandy Hamidi <vhamidi () insweb com>
Date: Thu, 13 Sep 2001 16:44:57 -0700
I know that in Tunnel Mode, IPsec can be NATed and PATed (without IKE on UDP 500 being used), but as I'm trying to break down the process of how it is working, I've been stumped by this:

NAT - Changes source IP during translation.
PAT - Changes source IP and TCP/UDP port to another to track multiple-to-one translations.

My question is, how does PAT track the packets with their internal hosts when there is not a TCP/UDP header to translate? How does it know which "internal" host a returning ESP packet must be forwarded to after it un-PATs the incoming packet?

Thanks, and I hope this isn't a totally stupid question. If it is, humor me ;),

-=Vandy=-