mh (RE: OMB: IPv6 by June 2008)
Crist Clark
crist.clark at globalstar.com
Fri Jul 8 21:20:33 UTC 2005
Fred Baker wrote:
[snip]
> A NAT, in that context, is a stateful firewall that changes the
> addresses, which means that the end station cannot use IPSEC to
> ensure that it is still talking with the same system on the outside.
[snip]
No, you can't use AH, but yes, you can use IPsec through NAT. See RFC3947
and RFC3948. But it is not pretty.
--
Crist J. Clark crist.clark at globalstar.com
Globalstar Communications (408) 933-4387
More information about the NANOG
mailing list