Thank You Brandon Regards Anantha Subramanian Natarajan
On Sun, Apr 11, 2010 at 8:35 PM, Brandon Carroll <[email protected]>wrote: > I agree Paul. It may be the context that the author is in, or it could be > an older code prior to the new VPN-passthrough. > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > On Apr 11, 2010, at 4:32 PM, Paul Stewart <[email protected]> wrote: > > > I agree with Brandon that this has to do with nat. AH will not work > > with NAT, but that doesn't mean that your ASA is always doing NAT. > > The ASA Algorithm (adaptive stateful algorithm) is the crux of the > > inspects. While this can do manipulation for traffic that needs it > > with NAT, inspection will occur without nat. It appears to me that > > you can use this to assign parameters like timeout and per-client-max > > to AH and/or ESP sessions that are inspected with the ipsec-pass-thru > > inspection. However without NAT, is this really "ipsec-pass-thru"? > > It seems that the particular terminology was probably okay at one > > point, but possibly the feature was later extended to AH and the > > terminology should just be "inspect ipsec" as opposed to "inspect > > ipsec-pass-thru". Anyway that's just my guess, I haven't validated > > it. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
