From: tom cheung (tkc9789@xxxxxxxxxxx)
Date: Sun Feb 03 2002 - 11:42:41 GMT-3
Think this way, IPSec changes the content of the IP packet, including the
header. (excluding mutable fields) Will IPSec work if you NAT after
encryption?
>From: RSiddappa@NECBNS.com
>To: jkaberna@netcginc.com, erickbe@yahoo.com, signal@shreve.net,
>cchurch@MAGNACOM.com, tkc9789@hotmail.com, ben@kesslerconsulting.com
>CC: ccielab@groupstudy.com
>Subject: NAT first and then encrypt it ????(Cisco behavior)
>Date: Sun, 3 Feb 2002 02:53:52 -0200
>
>
>Now, it is clear that NAT will happen first and then the encryption. ( I am
>also thinking that when routing and NAT are together, NAT happens first and
>then Routing).
>
>Question is :
>
>1.Is it Only Cisco implementation that does NAT first then Encrypt or it is
>some standard.?
>2. Was there a reason for them to implement like this or it is the behavior
>of the IOS. ( I was also Just thinking about using NAT and IPSec for some
>VoIP application- just an another problem)
>
>Thank you every one.
>
>Rajeev.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>-----Original Message-----
>From: John Kaberna [mailto:jkaberna@netcginc.com]
>Sent: Saturday, February 02, 2002 8:40 PM
>To: Siddappa, Rajeev; erickbe@yahoo.com; signal@shreve.net;
>cchurch@MAGNACOM.com; tkc9789@hotmail.com; ben@kesslerconsulting.com
>Cc: ccielab@groupstudy.com
>Subject: Re: IPSec & NAT
>
>
>You are basically correct. The actual term is "encapsulating" when talking
>about the packets that go over IPSec using the public address.
>
>John Kaberna
>CCIE #7146
>www.netcginc.com
>(415) 750-3800
>
>Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:14 GMT-3