IPSec works fine with NAT. It's just IP.
Well...pretty damn cool IP, but still IP.
Usually, you IPSec stuff between two network edges, right? Like your
external router to the other team's external router. So, at that point, like
the very outside of all your NAT and routing and stuff, you're doing
excryption things [1]. As far as internal clients know, the network is
running as per usual.
All you need to do for people inside the networks is make sure that they
know how to get to the other side. You can route, apply NAT mappings, use
HOSTS files, basically whatever you like, and it should work fine.
Cheers,
[1] Yeah, well this is a simplified explanation, okay? There are some minor
brain benders in setting up edge routers to do IPSec tunnels in NAT
environments, but nothing too hard.
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct: +61 8 8422 8319 Mobile: +61 414 411 520
-----Original Message-----
From: Jean-Fran�ois Grenier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 03, 1999 12:52 AM
To: [EMAIL PROTECTED]
Subject: IPSEC + IPNAT possibilities ?
Hi,
Is it possible to use IPNAT with IPSEC ?
Here's the problem :
Supposed that the internal LAN is
192.168.1.0/24 NAT'ted 205.205.102.2/32 portmap tcp/udp 10000:60000
The IPSEC tunnel is
205.205.102.2 to 205.205.103.2
tunnel
10.0.1.0/24 to 10.0.2.0/24
Could it be possible for an internal client (lets say 192.168.1.100) to
reach 10.0.2.0 simply by routing/mapping or do I need something else, like a
proxy ?
Jean-Francois Grenier
Comact Optimisation
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
