[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Remote access from NAT domains



This behaviour is documented at
http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO-6.html.

Andrew
--------------------------------------
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.


> -----Original Message-----
> From: owner-ietf-ipsra@xxxxxxxxxxxxx
> [mailto:owner-ietf-ipsra@xxxxxxxxxxxxx]On Behalf Of Scott G. Kelly
> Sent: Friday, April 14, 2000 1:29 PM
> To: Mike Borella
> Cc: W. Mark Townsley; Jim Tiller; ietf-ipsra@xxxxxxxx
> Subject: Re: Remote access from NAT domains
>
>
> Mike Borella wrote:
> >
> > I believe that the Linux NAT guesses SPI to host mappings.
> Supposedly this
> > works reasonably well in some situations, though it is
> admittedly not robust.
> >
> > And there always is RSIP, which allows translation
> transparency and IPSEC at the
> > cost of
> > a little more work on the part of the host and gateway.
> >
> > -Mike
> >
>
> Yes, I have used the linux nat implementation in this manner.
> I think it
> only has problems if 2 hosts behind the box use the same spi
> (not likely
> if they use random spi's).
>
> Does anyone have any sense of when we will begin to see
> commercial rsip
> deployments?
>
> Scott
>