[ale] IPSEC Operations Issues
Chris Ricker
kaboom at gatech.edu
Mon Sep 30 10:04:26 EDT 2002
On Sun, 29 Sep 2002, Joseph A Knapka wrote:
> Forgive my ignorance, but I have a Cisco VPN client on my Windows
> machine that claims to be IPSec-compatible, and it seems to work
> OK through my PAT firewall. How is this possible, given the nature
> of AH and ESP? Perhaps it is tunnelling the entire IPSec session
> within a normal TCP/IP connection?
Most likely the PAT firewall is ignoring it entirely. If it's ESP, it's IP
protocol 50 (i.e., the PAT doesn't even see it as being TCP / UDP, so it keeps
its grubby mitts off it). If the PAT box is actually modifying the IPSec
encrypted packets, then I have no idea what's going on ;-)
later,
chris
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
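
The point about IP protocol 50 in the reply above, as an added example that is not part of the original message: a small Python parser that reports which fields a port-translating device could key on for each packet. All packets are constructed samples, and the UDP port 4500 case (ESP carried inside UDP, RFC 3948) goes beyond what the message discusses.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def ipv4_packet(proto, payload):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    src, dst = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])  # constructed addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def udp(sport, dport, data):
    """Build a UDP datagram (constructed sample, checksum left at 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def pat_view(packet):
    """Return the fields a port translator could key on for this packet."""
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]  # byte 9 is the IP protocol number
    view = {"proto": PROTO_NAMES.get(proto, str(proto)), "ports": None, "spi": None}
    if proto in (6, 17) and len(body) >= 4:
        view["ports"] = struct.unpack("!HH", body[:4])   # source, destination
        # ESP inside UDP 4500: the 4 bytes after the UDP header are a non-zero SPI;
        # four zero bytes there mark an IKE message instead (RFC 3948).
        if proto == 17 and 4500 in view["ports"] and len(body) >= 12:
            spi = struct.unpack("!I", body[8:12])[0]
            view["spi"] = spi or None
    elif proto == 50 and len(body) >= 4:
        view["spi"] = struct.unpack("!I", body[:4])[0]   # ESP starts with the SPI
    elif proto == 51 and len(body) >= 8:
        view["spi"] = struct.unpack("!I", body[4:8])[0]  # AH: SPI follows 4 header bytes
    return view

# Constructed sample traffic: SPI 0x1000ABCD, sequence number 1, 16 opaque bytes.
ESP_BODY = struct.pack("!II", 0x1000ABCD, 1) + bytes(16)
NATIVE_ESP = ipv4_packet(50, ESP_BODY)
IKE = ipv4_packet(17, udp(500, 500, bytes(28)))
ESP_IN_UDP = ipv4_packet(17, udp(4500, 4500, ESP_BODY))

if __name__ == "__main__":
    for name, pkt in [("native ESP", NATIVE_ESP), ("IKE", IKE), ("ESP in UDP", ESP_IN_UDP)]:
        print(f"{name:11} {pat_view(pkt)}")
```

Native ESP shows no ports at all, only the SPI, while the two UDP cases expose a source and destination port pair.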