[ale] IPSEC Operations Issues

Chris Ricker kaboom at gatech.edu
Mon Sep 30 10:04:26 EDT 2002


On Sun, 29 Sep 2002, Joseph A Knapka wrote:

> Forgive my ignorance, but I have a Cisco VPN client on my Windows
> machine that claims to be IPSec-compatible, and it seems to work
> OK through my PAT firewall. How is this possible, given the nature
> of AH and ESP? Perhaps it is tunnelling the entire IPSec session
> within a normal TCP/IP connection?

Most likely the PAT firewall is ignoring it entirely.  If it's ESP, it's IP 
protocol 50 (i.e., the PAT doesn't even see it as being TCP / UDP, so it keeps 
its grubby mitts off it).  If the PAT box is actually modifying the IPSec 
encrypted packets, then I have no idea what's going on ;-)

later,
chris


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
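
The distinction the reply draws, as an added example that is not part of the original message: a small Python parser that reports which fields a port translator could key on for a given IPv4 packet. The packets are constructed samples, and the names `build_ipv4` and `translator_view` are hypothetical.

```python
import socket
import struct

# IANA-assigned IP protocol numbers
TCP, UDP, ESP, AH = 6, 17, 50, 51

def build_ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def translator_view(packet):
    """Return the fields a port translator could key on for this packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto in (TCP, UDP):
        if len(body) < 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": proto, "ports": (sport, dport)}
    if proto == ESP:
        # ESP starts with a 32-bit SPI and a 32-bit sequence number; no ports.
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": proto, "ports": None, "spi": spi, "seq": seq}
    if proto == AH:
        # AH: next header, length, reserved, then SPI and sequence number.
        if len(body) < 12:
            raise ValueError("truncated AH header")
        _nh, _len, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        return {"proto": proto, "ports": None, "spi": spi, "seq": seq}
    return {"proto": proto, "ports": None}

# Constructed samples: an IKE datagram on UDP 500 and an ESP packet.
IKE_SAMPLE = build_ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0))
ESP_SAMPLE = build_ipv4(ESP, struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in (("IKE", IKE_SAMPLE), ("ESP", ESP_SAMPLE)):
        print(name, translator_view(pkt))
```
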





