Re: ip protocal 50

• From: "David Elmquist" <david@xxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 8 Feb 2002 00:33:55 +0100

It is however possible to enable ESP to a device in an ISA DMZ zone,
using packet filters.
 
 David Elmquist
 
-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] 
Sent: 8. februar 2002 00:12
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ip protocal 50
 
http://www.ISAserver.org
Hi Gops,
 
ip protocol 50 is ESP (IP Encapsulating Security Payload) and part of
the IPSec standard. If you want to get IPSec through ISA (internal IPSec
VPN client to external IPSec VPN gateway) this will *not* work. ISA is
doing NAPT (Network Address and PortTranslation) and this breaks IPSec.
This is *not* a ISA specific problem but an incompatiblity issue between
NAPT and IPSec. The IETF IPSec working group
(http://www.ietf.org/html.charters/ipsec-charter.html) responsible for
the IPSec standard is very well aware of that problem and is working
hard to solve that problem. In the mean time, the big IPSec vendors
(CheckPoint, Cisco, Redcreek, Nortel, etc...) have already a vendor
specific solution for passing NAPT device. Most of them have some form
of UDP encapsulation of the IPSec traffic to enable passing through NAPT
devices. The only drawback is that those solutions are at the moment
vendor specific. So, the VPN client and Gateway must be from the same
vendor.
 
Regards,
Stefaan
----- Original Message ----- 
From: gops <mailto:gopi.tadi@xxxxxxxxxxxxxxx>  
To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx>  Discussion List] 
Sent: Thursday, February 07, 2002 7:53 PM
Subject: [isalist] ip protocal 50
 
http://www.ISAserver.org
HI,
 
Can any one help me out how to enable ip protocol 50 step by step
 
Gops,
 
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
<mailto:$subst('Email.Unsub')>  
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
david@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ip protocal 50
• » RE: ip protocal 50
• » Re: ip protocal 50
• » Re: ip protocal 50
• » Re: ip protocal 50
• » Re: ip protocal 50

1. Home
2. isalist
3. Archive
4. 02-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---