From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Mon Dec 18 2006 - 10:28:45 ART
This is so-called "IPsec-aware" NAT. It uses "SPI matching" techinque,
to build (multiplex) NAT translation entriesfor ESP packets, and requires
boxes on the both sides to support "predictive" SPI generation algorithm.
Generally, such technique is considered "obsolete" since NAT-T provides more
robust and transparent functionality.
2006/12/18, Ivan Ivanov <ivanov.ivan@gmail.com>:
>
> Hi,
>
> I found this new feature for IOS 12.2(13)T
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatesp.htm
>
> I have not tested it yet, but I think that this is also for Remote
> Access connections, not for L2L.
>
> But you can try.
>
>
>
> --
> Best Regards!
>
> Ivan Ivanov
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 (R&S/Security) petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:38 ART