Subject: Re: ipsec after nat
To: Mipam <>
From: None <>
List: tech-net
Date: 01/12/2001 14:12:20
>Is it possible to let ipsec (esp in tunnel mode in this case) on a natting
>machine take place after nat has been done?
>The only other way would be not to have the tcp header being encrypted by
>esp if there exists such an implementation at all cause i didnt see rfc
>2406 state something about that at all.

	ipsec and nat are inherently unfriendly so i don't think there's
	any good/generic solution.  some wants to NAT inside header
	(your case - don't know why), some wants to avoid NAT for inside
	header if it is subject to ESP tunnel (so that .