Thank You Paul for the comment. Regards Anantha Subramanian Natarajan
On Sun, Apr 11, 2010 at 6:32 PM, Paul Stewart <[email protected]> wrote: > I agree with Brandon that this has to do with nat. AH will not work > with NAT, but that doesn't mean that your ASA is always doing NAT. > The ASA Algorithm (adaptive stateful algorithm) is the crux of the > inspects. While this can do manipulation for traffic that needs it > with NAT, inspection will occur without nat. It appears to me that > you can use this to assign parameters like timeout and per-client-max > to AH and/or ESP sessions that are inspected with the ipsec-pass-thru > inspection. However without NAT, is this really "ipsec-pass-thru"? > It seems that the particular terminology was probably okay at one > point, but possibly the feature was later extended to AH and the > terminology should just be "inspect ipsec" as opposed to "inspect > ipsec-pass-thru". Anyway that's just my guess, I haven't validated > it. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
