Subject: Re: tunnelling and IPNAT (Or IPsec wishing)
To: David Brownlee <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 05/08/2003 22:08:50
On Wed, 7 May 2003, David Brownlee wrote:
> [internal]------[ IPNAT ]--<Internet>--[ IPNAT ]------[internal]
> [ hostsA ] [gatewayA] [gatewayB] [ hostsB ]
> I want to secure traffic between the two networks....
> If incoming IPsec was processed before IPNAT, and outgoing IPNAT
> before IPsec then it should be feasible, or (as is likely) am I
> missing something?
I don't see where NAT is involved at all. Just run IPSec in tunnel
mode between A and B (or use a GRE tunnel between A and B, and encrypt
communications between A and B with non-tunnel-mode IPSec) and you're set.
Just don't expect to be able to use IPFilter on any of the traffic
between the two hosts or networks.
Curt Sampson <email@example.com> +81 90 7737 2974 http://www.netbsd.org
Don't you know, in this new Dark Age, we're all light. --XTC