Subject: Re: ipsec after nat
To: Mipam <email@example.com>
From: None <firstname.lastname@example.org>
Date: 01/12/2001 14:12:20
>Is it possible to let ipsec (esp in tunnel mode in this case) on a natting
>machine take place after nat has been done?
>The only other way would be not to have the tcp header being encrypted by
>esp if there exists such an implementation at all cause i didnt see rfc
>2406 state something about that at all.
ipsec and nat are inherently unfriendly so i don't think there's
any good/generic solution. some wants to NAT inside header
(your case - don't know why), some wants to avoid NAT for inside
header if it is subject to ESP tunnel (so that .