Re: ip protocal 50

  • From: "gops" <gopi.tadi@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Feb 2002 20:23:13 +0530

Can you please tell me the process for how to do it?

Gops
  ----- Original Message ----- 
  From: David Elmquist 
  To: [ISAserver.org Discussion List] 
  Sent: Friday, February 08, 2002 5:03 AM
  Subject: [isalist] Re: ip protocal 50


  http://www.ISAserver.org


  It is however possible to enable ESP to a device in an ISA DMZ zone, using 
packet filters.

   

   David Elmquist

   

  -----Original Message-----
  From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxx] 
  Sent: 8 February 2002 00:12
  To: [ISAserver.org Discussion List]
  Subject: [isalist] Re: ip protocal 50

   

  Hi Gops,

   

  IP protocol 50 is ESP (IP Encapsulating Security Payload) and part of the 
IPSec standard. If you want to get IPSec through ISA (internal IPSec VPN client 
to external IPSec VPN gateway) this will *not* work. ISA is doing NAPT (Network 
Address and Port Translation) and this breaks IPSec. This is *not* an ISA 
specific problem but an incompatibility issue between NAPT and IPSec. The IETF 
IPSec working group (http://www.ietf.org/html.charters/ipsec-charter.html) 
responsible for the IPSec standard is very well aware of that problem and is 
working hard to solve that problem. In the meantime, the big IPSec vendors 
(CheckPoint, Cisco, Redcreek, Nortel, etc.) already have a vendor-specific 
solution for passing NAPT devices. Most of them have some form of UDP 
encapsulation of the IPSec traffic to enable passing through NAPT devices. The 
only drawback is that those solutions are at the moment vendor-specific. So, 
the VPN client and gateway must be from the same vendor.

   

  Regards,

  Stefaan

    ----- Original Message ----- 

    From: gops 

    To: [ISAserver.org Discussion List] 

    Sent: Thursday, February 07, 2002 7:53 PM

    Subject: [isalist] ip protocal 50

     

    HI,

     

    Can anyone help me out with how to enable IP protocol 50, step by step?

     

    Gops,

     

    ------------------------------------------------------
    You are currently subscribed to this ISAserver.org Discussion List as: 
stefaan.pouseele@xxxxxxx
    To unsubscribe send a blank email to $subst('Email.Unsub') 

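
The NAPT behaviour discussed in this thread, as an added example that is not part of any poster's message: a toy NAPT rewrite shows that a raw ESP packet (IP protocol 50) carries an SPI and sequence number where TCP and UDP carry ports, so there is no port to map, while the same ESP payload wrapped in UDP translates normally. The addresses, function names and `ENCAP_PORT` are constructed for illustration; the thread describes the vendors' UDP encapsulations only as vendor specific, so no real product's port or format is implied.

```python
import struct

TCP, UDP, ESP = 6, 17, 50        # IANA IP protocol numbers
ENCAP_PORT = 10000               # constructed port for the UDP wrapper (assumption)

def addr(dotted):
    return bytes(int(x) for x in dotted.split("."))

def ipv4(proto, payload, src, dst):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

def esp(spi, seq, ciphertext):
    """ESP header: 32-bit SPI, 32-bit sequence number, then opaque data."""
    return struct.pack("!II", spi, seq) + ciphertext

def udp(sport, dport, data):
    """UDP header (checksum left at 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def napt_outbound(packet, public_ip, public_port):
    """Rewrite source address and source port the way a NAPT device does.
    Returns the translated packet, or None when there is no port to map."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto not in (TCP, UDP):
        return None              # ESP: the bytes after the IP header are SPI/seq, not ports
    header = packet[:12] + addr(public_ip) + packet[16:ihl]
    body = struct.pack("!H", public_port) + packet[ihl + 2:]
    return header + body         # checksums are not recomputed in this sketch

def source_port(packet):
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl:ihl + 2])[0]

# Constructed sample traffic: internal VPN client to external VPN gateway.
CLIENT, GATEWAY, PUBLIC = "192.168.1.10", "203.0.113.5", "198.51.100.1"
ESP_PAYLOAD = esp(0x1000ABCD, 1, b"\x00" * 16)
raw_esp = ipv4(ESP, ESP_PAYLOAD, CLIENT, GATEWAY)
wrapped = ipv4(UDP, udp(ENCAP_PORT, ENCAP_PORT, ESP_PAYLOAD), CLIENT, GATEWAY)

if __name__ == "__main__":
    print("raw ESP translated:", napt_outbound(raw_esp, PUBLIC, 61001) is not None)
    out = napt_outbound(wrapped, PUBLIC, 61001)
    print("UDP-wrapped ESP translated, new source port:", source_port(out))
```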
