All,

My understanding is that static NAT (one-to-one mapping) will only work on 
ESP IPSEC, since the authentication in ESP covers the ESP header all the 
way into the ESP trailer.

However, static NAT should NOT work on AH traffic, since the authentication 
INCLUDES the IP address. Changing the IP address will invalidate the 
authentication and cause the packet to be rejected.

Or so I understand.

-David Cavuto


At 02:34 PM 3/29/00 -0600, [EMAIL PROTECTED] wrote:

>Bob is absolutely right, static NAT will work and my error might well have 
>been assuming that Sebastian's original request implied a random internal 
>host.  If it's a fixed host and you have an external address you can use 
>for static NAT then IPSec will work.
>
>
>-- Bill Stackpole, CISSP

-------------------------
David J. Cavuto, Systems Engineer
Lucent Security Products - http://www.lucent.com/security
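
Added example, not part of the original thread: a simplified Python model of the two integrity checks discussed above, showing that rewriting the source address (static NAT) breaks the AH ICV but leaves the ESP ICV valid. The key, addresses, SPIs and payload are constructed, and the ESP body is a stand-in for real ciphertext.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)

def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def ipv4_header(src, dst, proto, body_len, ttl=64):
    # 20-byte IPv4 header, no options; checksum left 0 (AH zeroes it anyway)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip):
    # Fields routers may change in transit are zeroed before the AH ICV is
    # computed: TOS, flags/fragment offset, TTL, header checksum.
    # Source and destination addresses are NOT zeroed.
    h = bytearray(ip)
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_input(ip, ah_fixed, payload):
    return zero_mutable(ip) + ah_fixed + b"\x00" * 12 + payload  # ICV field as zeros

def build_ah(src, dst, payload):
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next hdr, len, rsvd, SPI, seq
    ip = ipv4_header(src, dst, 51, 24 + len(payload))
    return ip, ah_fixed + icv(ah_input(ip, ah_fixed, payload)) + payload

def verify_ah(ip, body):
    return hmac.compare_digest(body[12:24], icv(ah_input(ip, body[:12], body[24:])))

def build_esp(src, dst, payload):
    # SPI, seq, then a stand-in for the encrypted payload and ESP trailer
    esp = struct.pack("!II", 0x2000, 1) + payload + b"\x01\x02\x02\x06"
    return ipv4_header(src, dst, 50, len(esp) + 12), esp + icv(esp)

def verify_esp(ip, body):
    # The outer IP header never enters the ESP ICV computation
    return hmac.compare_digest(body[-12:], icv(body[:-12]))

def static_nat(ip, new_src):
    return ip[:12] + socket.inet_aton(new_src) + ip[16:]  # rewrite source only

def run_demo():
    data = b"constructed upper-layer data"
    ah_ip, ah_body = build_ah("10.0.0.5", "198.51.100.7", data)
    esp_ip, esp_body = build_esp("10.0.0.5", "198.51.100.7", data)
    return {"ah_before": verify_ah(ah_ip, ah_body),
            "ah_after_nat": verify_ah(static_nat(ah_ip, "203.0.113.9"), ah_body),
            "esp_before": verify_esp(esp_ip, esp_body),
            "esp_after_nat": verify_esp(static_nat(esp_ip, "203.0.113.9"), esp_body)}
```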
