Correct!

2011/12/26 waleed ' <[email protected]>

> That's what I was searching for, so in the end, in GETVPN we can't use NAT
> between the GMs.
>
> ------------------------------
> From: [email protected]
> Date: Mon, 26 Dec 2011 12:59:26 +0100
> To: [email protected]
> CC: [email protected]
> Subject: Re: [OSL | CCIE_Security] GETVPN and NAT
>
> Diego, All,
>
> There are two scenarios you must consider:
>
> (1) GDOI Registration - when GM registers itself to KS, it uses ISAKMP
> protocol with standard UDP/500. When there is a NAT between GM and KS (most
> likely KS is behind a firewall which statically translated KS' IP address),
> the NAT-T works as always, changes UDP/500 to UDP/4500.
>
> (2) GM-to-GM traffic - which uses ESP (IP Prot 50). If there is NAT
> between GM devices, the NAT device in between cannot handle that. In this
> case NAT is not supported. There is NO NAT-T used in this case!!!
>
> Hope this clears the confusion.
>
> Regards,
> Piotr
>
> 2011/12/26 Diego Cambronero <[email protected]>
>
> Guys, I am a little bit confused. ESP is IP protocol 50 but it is
> encapsulated in port UDP 4500 when there is a NAT between the peers, right?
>
> If there is a GM behind a NAT device, it uses UDP 500 to start ISAKMP and
> then UDP 4500 to encapsulate the traffic, right?
>
> How is the communication between a device that is behind a NAT and another
> that is not behind a NAT?
>
> 4500--->500
> 4500--->4500
>
> Or what??
>
> On 25/12/2011, at 07:40 p.m., Fawad Khan <[email protected]> wrote:
>
> ESP is a layer protocol itself with number 50
>
> NAT-T is layer 4 UDP port number 4500
>
> On Sunday, December 25, 2011, Piotr Matusiak <[email protected]> wrote:
> > NAT-T uses UDP/4500 always.
> >
> > 2011/12/25 HA Ali <[email protected]>
> >>
> >> I have seen in Cisco official docs that GDOI works on 848 UDP and if
> >> NAT-T is enabled it works on 4500 UDP. But in a simple VPN setup (not
> >> GETVPN) we use 4500 for ESP.
> >>
> >> If GETVPN uses ESP and GDOI, how will it work in a NAT-T case? Will
> >> both of them use UDP 4500?
> >>
> >> ________________________________
> >> From: [email protected]
> >> Date: Sun, 25 Dec 2011 16:42:43 +0100
> >> To: [email protected]
> >> CC: [email protected]
> >> Subject: Re: [OSL | CCIE_Security] GETVPN and NAT
> >>
> >> NAT-T is supported between GM and KS. NAT is not supported between GMs.
> >> The only option is to NAT before encryption.
> >>
> >> Regards,
> >> Piotr
> >>
> >> 2011/12/25 waleed ' <[email protected]>
> >>
> >> Dear all, in GETVPN there is no NAT-T because there is no ISAKMP
> >> between the peers, so how does GETVPN work if there is NAT between two peers?
> >> _______________________________________________
> >> For more information regarding industry leading CCIE Lab training,
> >> please visit www.ipexpert.com
> >>
> >> Are you a CCNP or CCIE and looking for a job? Check out
> >> www.PlatinumPlacement.com
>
> --
> FNK
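An added example, not part of the thread or written by any of its participants: a small classifier that separates the transports discussed above (ISAKMP on UDP/500, GDOI on UDP/848, NAT-T on UDP/4500, and native ESP as IP protocol 50) and reports which of them carry ports a NAT device can rewrite. The function names, labels and sample packets are constructed for illustration; the UDP/4500 demultiplexing (non-ESP marker, one-byte keepalive) follows RFC 3948.

```python
import struct

# Labels that ride on UDP, so a port-translating NAT has ports to rewrite.
NAT_OK = {"ike", "gdoi", "ike-natt", "esp-in-udp", "nat-keepalive"}

def classify(pkt: bytes) -> str:
    """Label an IPv4 packet by the IPsec/GDOI transport it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 50:                       # ESP directly over IP: no ports
        return "esp-native"
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]
    if 4500 in (sport, dport):            # NAT-T port, demultiplexed per RFC 3948
        if data == b"\xff":
            return "nat-keepalive"
        if len(data) < 4:
            return "other"
        # Four zero bytes (non-ESP marker) mean IKE; anything else is an ESP SPI.
        return "ike-natt" if data[:4] == b"\x00" * 4 else "esp-in-udp"
    if 848 in (sport, dport):
        return "gdoi"
    if 500 in (sport, dport):
        return "ike"
    return "other"

def crosses_port_nat(label: str) -> bool:
    return label in NAT_OK

def ip(proto: int, payload: bytes) -> bytes:
    # Constructed 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2, checksum left at 0.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return ip(17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

ESP = struct.pack("!II", 0x1234, 1) + b"\x00" * 16   # constructed SPI, seq, filler
SAMPLES = {                                          # all packets are constructed
    "registration": udp(500, 500, b"\x11" * 28),
    "registration-natt": udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),
    "gdoi-848": udp(848, 848, b"\x11" * 28),
    "gm-to-gm": ip(50, ESP),
    "esp-udp-encap": udp(4500, 4500, ESP),
    "keepalive": udp(4500, 4500, b"\xff"),
}
```

Only the `gm-to-gm` sample, ESP sent directly as IP protocol 50, is classified as having no ports for a NAT device to translate, which matches scenario (2) in the thread.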
