------- Original Message -------
Sender : MVATNAL SUNIL<[EMAIL PROTECTED]> N/W R&D Team/Samsung Electronics
Date : Oct 26, 2004 17:52
Title : Re: RE: [Sip-implementors] ALG in SIP networks with TLS and/or IPSec security
Hi Damir,
The NAT is being used at the edge of the private network. All the traffic leaves and
enters the NAT. Please see the simple architecture below.
Private network
|
|
ALG
|
|
NAT
|
|
TCP/IP
|
|
Public Network
When IPSec and TLS are used in the above architecture, how is the ALG going to
function since the data is encrypted?
Thanks and regards,
- sunil vatnal
------- Original Message -------
Sender : Bilajbegovic Damir<[EMAIL PROTECTED]>
Date : Oct 26, 2004 17:20
Title : RE: [Sip-implementors] ALG in SIP networks with TLS and/or IPSec security
I think the question is where do you put NAT?
Where is the NAT's place and what is your (planned) network architecture...
Best Regards,
Damir Bilajbegovic
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of MVATNAL SUNIL
Sent: Tuesday, October 26, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: [Sip-implementors] ALG in SIP networks with TLS and/or IPSec security
Hi,
My question is on functionalities of the ALG used with NAT in SIP networks
with security mechanisms like TLS and/or IPSec.
Please read the following paragraphs first.
The NAT (Network Address Translator) modifies IPv4 addressing, and takes
special care of protocols such as UDP and TCP to avoid port conflicts and it
may also carry out port number translation.
When NAT is used in SIP networks, the IPv4 address is copied into the
protocol data and thus becomes impossible for the NAT to translate it
without using an ALG (Application Level Gateway). The ALG performs special
translation not only for the IP addresses and port numbers but also within
the payload (voice/data). As new protocols are created, new ALGs may have to
be added in order for the applications to work.
My question :
In the above scenario (NAT used in SIP networks), if the security mechanisms
TLS and IPSec are used, what functionalities should the ALG have?
The main task of the ALG is to take care of the addresses and port numbers
changed by NAT. But, these addresses and port numbers are encrypted and
encapsulated by IPSec and TLS mechanisms. How does ALG work in this
situation?
Also, please provide me any information or example implementations or white
papers on the above scenario.
Lots of thanks,
- sunil vatnal
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
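
An added example, not part of the original thread: a minimal Python sketch of the payload rewriting the question describes, run over a constructed plaintext INVITE and over a constructed stand-in for a TLS record. The addresses, the names `alg_rewrite` and `tls_record_stub`, and the simplification of replacing every occurrence of the private address without port translation are assumptions.

```python
import os
import re

PRIVATE_IP, PUBLIC_IP = "192.168.1.10", "203.0.113.5"  # assumed NAT binding

# Constructed sample: INVITE with SDP as sent by a host behind the NAT.
SDP = (
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.org>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n"
    "\r\n" + SDP
).encode()

SIP_START = re.compile(rb"[A-Z]+ \S+ SIP/2\.0\r\n|SIP/2\.0 \d{3} ")

def alg_rewrite(payload, private, public):
    """Return (payload, rewritten). Only plaintext SIP can be parsed and patched."""
    if not SIP_START.match(payload):
        return payload, False  # opaque bytes (TLS record, ESP): nothing to parse
    head, sep, body = payload.partition(b"\r\n\r\n")
    # Match the address only as a whole token, not inside a longer address.
    addr = re.compile(rb"(?<![\d.])" + re.escape(private.encode()) + rb"(?![\d.])")
    head, body = addr.sub(public.encode(), head), addr.sub(public.encode(), body)
    # The SDP body changes size when the address length changes: fix Content-Length.
    head = re.sub(rb"(?im)^(Content-Length:[ \t]*)\d+",
                  lambda m: m.group(1) + str(len(body)).encode(), head)
    return head + sep + body, True

def tls_record_stub(n):
    """Constructed stand-in for a TLS application-data record: header + opaque bytes."""
    return b"\x17\x03\x03" + n.to_bytes(2, "big") + os.urandom(n)

if __name__ == "__main__":
    out, changed = alg_rewrite(INVITE, PRIVATE_IP, PUBLIC_IP)
    print("plaintext SIP rewritten:", changed)
    print(out.decode())
    rec = tls_record_stub(len(INVITE))
    print("TLS record rewritten:", alg_rewrite(rec, PRIVATE_IP, PUBLIC_IP)[1])
```

The second call returns the record untouched because the gateway sees no SIP start line, headers or SDP to patch.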