Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
1
Replies

IPSec used with one-to-many or dynamic NATting

tj6512
Level 1
Level 1

‎08-16-2002 02:08 AM - edited ‎03-02-2019 12:43 AM

Is it true that I cannot have one-to-many or dynamic NATting (on firewall), if I were to use IPSec transport/tunneled-mode AH. Otherwise, all the IPSec packets will be dropped at the remote IPSec peer, due to the fact that the changed SRC address (because of NAT) will fail the cryptographic checksum test performed on the IPSec packets ?

But, if I were to use IPSec transport/tunneled-mode ESP, I can use one-to-many or dynamic NATting (on firewall), because there is no cryptographic checksum test needed to be performed on the IPSec packets at the remote IPSec peer ?

Can you please help me to clarify the above facts ? Thanks !

Labels:
0 Helpful
1 Reply 1

ciscomoderator
Community Manager
Community Manager

‎08-25-2002 02:51 PM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful
Customers Also Viewed These Support Documents