
Restrictions with NAT and IPsec

egrellet
Level 1

What are the restriction(s) to use NAT and IPsec?


sbirn
Level 1

The limitation is with AH. The hash check of the header will fail if it's been modified by a NAT device from its original address.

If you're doing IPSec from router to router, then AH probably won't even be needed. If you're in tunnel mode, esp-3des and esp-sha will encrypt and perform a hash of the original packet respectively. You've got a hash of the entire encapsulated packet, so a hash of the tunnel's IP header isn't really needed and is basically wasted CPU.

Steve
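
The behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model of which bytes the AH and ESP integrity checks cover, run through a plain router hop and a NAT hop. The key, addresses, SPI and packet layout (IP header + body + 12-byte ICV, no real AH/ESP header fields or encryption) are constructed for illustration, and HMAC-SHA1-96 is assumed as the hash.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
AH, ESP = 51, 50                # IP protocol numbers

def ip_header(src, dst, proto, ttl=64):
    # Minimal 20-byte IPv4 header; length and checksum left at 0 in this model
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    # HMAC-SHA1 truncated to 96 bits (assumed algorithm for this example)
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_covered(packet):
    # AH also authenticates the outer IP header. Fields that change in transit
    # (TOS, flags/fragment offset, TTL, checksum) are zeroed; addresses are not.
    hdr = bytearray(packet[:20])
    hdr[1] = hdr[8] = 0
    hdr[6:8] = hdr[10:12] = b"\x00\x00"
    return bytes(hdr) + packet[20:-12]

def esp_covered(packet):
    # ESP authenticates only what follows the outer IP header
    return packet[20:-12]

def covered(packet):
    return ah_covered(packet) if packet[9] == AH else esp_covered(packet)

def build(proto, src, dst, body):
    pkt = ip_header(src, dst, proto) + body + b"\x00" * 12
    return pkt[:-12] + icv(covered(pkt))

def verify(packet):
    return hmac.compare_digest(packet[-12:], icv(covered(packet)))

def forward(packet, nat_src=None):
    # A router decrements TTL; a NAT device also rewrites the source address
    pkt = bytearray(packet)
    pkt[8] -= 1
    if nat_src:
        pkt[12:16] = socket.inet_aton(nat_src)
    return bytes(pkt)

def demo():
    # Body: SPI, sequence number, then a constructed stand-in for the inner packet
    body = struct.pack("!II", 0x1001, 1) + b"constructed inner packet"
    out = {}
    for name, proto in (("ah", AH), ("esp", ESP)):
        pkt = build(proto, "10.0.0.5", "198.51.100.9", body)
        out[name] = (verify(forward(pkt)), verify(forward(pkt, "203.0.113.7")))
    return out  # (valid after router hop, valid after NAT hop) per protocol

if __name__ == "__main__":
    print(demo())
```

AH survives the ordinary hop because TTL is excluded from the hash, but not the address rewrite; the ESP check never looks at the outer header, so it passes in both cases.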