From: Erick B. (erickbe@xxxxxxxxx)
Date: Sat Feb 02 2002 - 23:25:30 GMT-3
Rajeev,
I'm not a crypto guru, but will try to answer...
The traffic from/to the private networks that isn't
NAT'd will have a source/destination of that private
network. I believe the original IP packet is
encapsulated in a crypto packet, so when its decrypted
at other end it gets forwarded along using original
addresses.
Please correct me if I'm wrong...
Erick
--- RSiddappa@NECBNS.com wrote:
>
>
> Erick,
>
> I got you.
>
> But One more doubt, what will be the destination
> address of the packet
> address from private to a private network.
> Will the encrypted packet will have a public IP
> address assigned to it ? and
> then gets decrypted at the other end.
>
> What will happen if I allow that packet to get NATed
> and after that IPSec.
> (Private addressed traffic)
>
> Rajeev.
>
>
>
>
> -----Original Message-----
> From: Erick B. [mailto:erickbe@yahoo.com]
> Sent: Saturday, February 02, 2002 8:04 PM
> To: Siddappa, Rajeev; signal@shreve.net;
> cchurch@MAGNACOM.com
> Cc: ccielab@groupstudy.com
> Subject: Re: IPSec & NAT
>
>
> Hi,
>
> Traffic from network 10.50.50.x/24 to network
> 10.103.1.x/24 will not be NAT'd. Traffic from
> network
> 10.50.50.x/24 to any other network besides
> 10.103.1.x/24 will be NAT'd. Vice versa for other
> router.
>
> This way the 2 private 10.x networks can communicate
> with each other, and traffic from/to other networks
> will get a 99.99.99.x address which is public IP
> space.
>
> HTH, Erick
>
> --- RSiddappa@NECBNS.com wrote:
> > hi Guys,
> >
> > Can some one explain me what's happing with the
> > following 110 access-list.
> >
> >
>
http://www.cisco.com/warp/customer/707/overload_private.shtml
> >
> >
> >
> > Rajeev.
> >
>
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:10 GMT-3