From: James F. Hranicky (jfh@cise.ufl.edu)
Date: Thu Feb 07 2002 - 16:18:23 CST

Garrett Wollman <wollman@khavrinen.lcs.mit.edu> wrote:
>
> > - IPSEC routers have to basically be the border router for
> > a site, as there is no post-decryption NAT protocol to
> > get packets back to a router on the inside of the network
> > (Apparently, Cisco VPN boxes have this capability, but
> > it's an add-on to IPSEC AFAICT).
>
> IPSEC is designed to thwart processes which corrupt packet headers
> (including NAT).

In my scenario, NAT would occur after decryption, allowing IPSEC routers
to be placed at arbitrary points in the internal net. As I understand it,
Cisco's VPN box does just that.

Thanks for your input.

Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message