Subject: tunnelling and IPNAT (Or IPsec wishing)
To: None <>
From: David Brownlee <>
List: tech-net
Date: 05/07/2003 18:00:07
	This age old chestnut :)

	Assuming the traditional two private networks connected by the

	[internal]------[ IPNAT  ]--<Internet>--[ IPNAT  ]------[internal]
	[ hostsA ]      [gatewayA]              [gatewayB]      [ hostsB ]

	I want to secure traffic between the two networks. I'm quite happy
	for incoming connections to terminate at IPNAT box (so internal
	hostsA can connect to gatewayB but not directly to hostsB, and
	simplarly for hostsB and gatewayA).

	If incoming IPsec was processed before IPNAT, and outgoing IPNAT
	before IPsec then it should be feasible, or (as is likely) am I
	missing something?

		David/absolute          -- No hype required --