On Sun, 23 Jan 2005 13:47:35 +0100, Erik Norgaard <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> Due to the problems of IPSec with NAT I was thinking if it is possible to
> set up IPSec without Authenticated Headers? Does anyone know of a howto?
> 
> My postulate is that since data is encrypted, this should provide the
> same security as SSL/TLS - or better as _all_ protocols are encapsulated
> - or did I miss something?
> 
> Thanks, Erik

The AH (Authenticated Header) protocol cannot be used with NAT: NAT
modifies the header of packets, while AH is supposed to protect that
header from being modified. Another IPSEC protocol, ESP (Encrypted
Security Payload), both authenticates and encrypts, and thus has no
problem with NAT traversal.

BTW I am not an IPSEC expert, just scratched its surface a little bit ;)

=Adriaan=
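
The difference in integrity coverage described in the reply above, as an added example that is not part of the original message: a simplified Python model (not a real IPsec stack) in which the AH integrity check value covers the outer IP addresses while the ESP one covers only the ESP header and payload. The key, addresses, SPI and the `Packet` layout are constructed for illustration, and the ESP body stands in for already-encrypted data.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key

@dataclass(frozen=True)
class Packet:          # hypothetical, heavily simplified packet layout
    src: str
    dst: str
    ttl: int
    spi: int
    seq: int
    body: bytes        # for ESP: stands in for the encrypted payload
    icv: bytes = b""

def _mac(data: bytes) -> bytes:
    # HMAC-SHA1 truncated to 96 bits, a common IPsec integrity transform
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(p: Packet) -> bytes:
    # AH: covers the outer IP addresses, the AH header and the payload.
    # Mutable fields such as TTL are excluded from the calculation.
    addrs = socket.inet_aton(p.src) + socket.inet_aton(p.dst)
    return _mac(addrs + struct.pack("!II", p.spi, p.seq) + p.body)

def esp_icv(p: Packet) -> bytes:
    # ESP: covers only the ESP header (SPI, sequence number) and payload.
    return _mac(struct.pack("!II", p.spi, p.seq) + p.body)

def protect(p: Packet, icv_fn) -> Packet:
    return replace(p, icv=icv_fn(p))

def verify(p: Packet, icv_fn) -> bool:
    return hmac.compare_digest(p.icv, icv_fn(p))

def nat(p: Packet, public_src: str) -> Packet:
    # Source NAT: rewrite the source address; the router also lowers TTL.
    return replace(p, src=public_src, ttl=p.ttl - 1)

def demo() -> dict:
    pkt = Packet("10.0.0.5", "198.51.100.7", 64, 0x1000, 1, b"opaque-ciphertext")
    out = {}
    for name, fn in (("AH", ah_icv), ("ESP", esp_icv)):
        sent = protect(pkt, fn)
        out[name] = (verify(sent, fn), verify(nat(sent, "203.0.113.9"), fn))
    return out

if __name__ == "__main__":
    for name, (direct, natted) in demo().items():
        print(f"{name}: verifies direct={direct}, after NAT={natted}")
```

The model covers address rewriting only; both checks still reject a packet whose payload was changed in transit.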
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions