On 23-Aug-2000 Ben Nagy wrote:
> IPSec uses UDP port 500 for IKE (key negotiation).
>For IPSec to work a firewall _also_ needs to pass IP
>protocols 50 and 51 (ESP and AH). IPSec
> hates NAT. [2]
True but.. IPSEC will work with NAT depending on the
details.. terminate the tunnel then nat, nat then
tunnel.. use tunnel mode esp etc.. Then you have
Nortel contivity client (which is IPSEC) working
through IPmasq and compatible systems (now cisco)
client that works great through a nat firewall (IPSEC
tunneled inside fake http..) then you have the
infoexpress (NOT ipsec) tunnel that works through NAT
and proxies...
acs
_______________________
Aaron C. Springer
[EMAIL PROTECTED]
pgp key published
_______________________
__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
