RE: IPSec & NAT

From: RSiddappa@xxxxxxxxxx
Date: Sat Feb 02 2002 - 23:41:20 GMT-3


   
Tom

You are absolutely right.

A little more work for everyone:

What happens if this was a transport mode?

Rajeev.

-----Original Message-----
From: tom cheung [mailto:tkc9789@hotmail.com]
Sent: Saturday, February 02, 2002 8:38 PM
To: Siddappa, Rajeev; erickbe@yahoo.com; ccielab@groupstudy.com
Subject: RE: IPSec & NAT

I'll take a crack at this.
Typically, gateway to gateway IPSec tunnels are in tunnel mode, with the
original IP header encapsulated with a new IPSec header. The address of the new
IPSec header will be the tunnel endpoint you defined. Therefore, depending
on how you have the IPSec tunnel setup, it may or may not have the
registered addresses. To your second point, if you allow everything to be
natted, then nothing will be sent over IPSec as nothing matches access-list
115.

>From: RSiddappa@NECBNS.com
>Reply-To: RSiddappa@NECBNS.com
>To: erickbe@yahoo.com, signal@shreve.net, cchurch@MAGNACOM.com
>CC: ccielab@groupstudy.com
>Subject: RE: IPSec & NAT
>Date: Sat, 2 Feb 2002 19:11:11 -0700
>
>Erick,
>
>I got you.
>
>But one more doubt: what will be the destination address of the packet
>addressed from private to a private network?
>Will the encrypted packet have a public IP address assigned to it, and
>then get decrypted at the other end?
>
>What will happen if I allow that packet to get NATed and after that IPSec?
>(Private addressed traffic)
>
>Rajeev.
>
>
>
>
>-----Original Message-----
>From: Erick B. [mailto:erickbe@yahoo.com]
>Sent: Saturday, February 02, 2002 8:04 PM
>To: Siddappa, Rajeev; signal@shreve.net; cchurch@MAGNACOM.com
>Cc: ccielab@groupstudy.com
>Subject: Re: IPSec & NAT
>
>
>Hi,
>
>Traffic from network 10.50.50.x/24 to network
>10.103.1.x/24 will not be NAT'd. Traffic from network
>10.50.50.x/24 to any other network besides
>10.103.1.x/24 will be NAT'd. Vice versa for other
>router.
>
>This way the 2 private 10.x networks can communicate
>with each other, and traffic from/to other networks
>will get a 99.99.99.x address which is public IP
>space.
>
>HTH, Erick
>
>--- RSiddappa@NECBNS.com wrote:
> > hi Guys,
> >
> > Can someone explain to me what's happening with the
> > following 110 access-list?
> >
> >
>http://www.cisco.com/warp/customer/707/overload_private.shtml
> >
> >
> >
> > Rajeev.
> >
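
Added example (not part of the original thread or of the Cisco document it links): a small Python model of the decision Erick and Tom describe, assuming NAT is evaluated before the crypto ACL on the outbound path, as Tom's reply implies. The tunnel peer addresses, the translated address and the entries of ACL 115 are constructed for illustration; the two 10.x networks and the 99.99.99.x space are from the thread.

```python
from ipaddress import ip_address, ip_network

# From the thread: the two private LANs and the 99.99.99.x public space.
LOCAL_LAN = ip_network("10.50.50.0/24")
REMOTE_LAN = ip_network("10.103.1.0/24")
ANY = ip_network("0.0.0.0/0")
NAT_ADDR = ip_address("99.99.99.10")       # constructed address in 99.99.99.x
# Constructed tunnel endpoints (documentation ranges, not from the thread).
LOCAL_PEER = ip_address("192.0.2.1")
REMOTE_PEER = ip_address("198.51.100.1")

def acl_permits(acl, src, dst):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

# ACL 110 as Erick describes it: LAN-to-LAN traffic is exempt from NAT,
# everything else from the local LAN is translated.
ACL_110 = [("deny", LOCAL_LAN, REMOTE_LAN), ("permit", LOCAL_LAN, ANY)]
# The variant Rajeev asks about: translate everything.
ACL_110_NAT_ALL = [("permit", LOCAL_LAN, ANY)]
# ACL 115 selects traffic for IPSec (assumed entry: private LAN to private LAN).
ACL_115 = [("permit", LOCAL_LAN, REMOTE_LAN)]

def forward(src, dst, nat_acl):
    """Return (outer_src, outer_dst, encrypted) for a packet leaving the gateway."""
    src, dst = ip_address(src), ip_address(dst)
    # Assumption: NAT runs first, so the crypto ACL sees the translated source.
    if acl_permits(nat_acl, src, dst):
        src = NAT_ADDR
    if acl_permits(ACL_115, src, dst):
        # Tunnel mode: the original header is encapsulated and the outer
        # header carries the tunnel endpoints, not the 10.x addresses.
        return (str(LOCAL_PEER), str(REMOTE_PEER), True)
    return (str(src), str(dst), False)

if __name__ == "__main__":
    print(forward("10.50.50.5", "10.103.1.7", ACL_110))          # tunnelled
    print(forward("10.50.50.5", "10.103.1.7", ACL_110_NAT_ALL))  # bypasses IPSec
    print(forward("10.50.50.5", "203.0.113.9", ACL_110))         # plain NAT
```
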


