Re: ip protocol 50

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Feb 2002 00:12:24 +0100

Hi Gops,

IP protocol 50 is ESP (IP Encapsulating Security Payload) and part of the IPSec
standard. If you want to get IPSec through ISA (internal IPSec VPN client to
external IPSec VPN gateway) this will *not* work. ISA is doing NAPT (Network
Address and Port Translation) and this breaks IPSec. This is *not* an
ISA-specific problem but an incompatibility issue between NAPT and IPSec. The IETF
IPSec working group (http://www.ietf.org/html.charters/ipsec-charter.html)
responsible for the IPSec standard is very well aware of that problem and is
working hard to solve that problem. In the meantime, the big IPSec vendors
(CheckPoint, Cisco, Redcreek, Nortel, etc.) already have a vendor-specific
solution for passing NAPT devices. Most of them have some form of UDP
encapsulation of the IPSec traffic to enable passing through NAPT devices. The
only drawback is that those solutions are at the moment vendor-specific. So,
the VPN client and gateway must be from the same vendor.

Regards,
Stefaan
  ----- Original Message ----- 
  From: gops 
  To: [ISAserver.org Discussion List] 
  Sent: Thursday, February 07, 2002 7:53 PM
  Subject: [isalist] ip protocol 50

  Hi,

  Can anyone help me out with how to enable IP protocol 50, step by step?

  Gops,
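
As an added illustration (not part of the original post or of any vendor's product): one reason a port-translating device cannot map raw ESP is that the ESP header carries an SPI and a sequence number but no port fields, whereas a UDP wrapper gives the device ports to rewrite. The addresses, ports, SPI and payload bytes below are constructed sample values and do not represent any vendor's encapsulation format.

```python
import struct

ESP, TCP, UDP = 50, 6, 17  # IANA IP protocol numbers

def ipv4(proto, payload, src="192.168.0.10", dst="203.0.113.5"):
    """Wrap payload in a minimal IPv4 header (checksum left at 0). Constructed test data."""
    s = bytes(int(x) for x in src.split("."))
    d = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, s, d)
    return hdr + payload

def napt_view(packet):
    """Return the fields a port-translating device could key a mapping on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto in (TCP, UDP):
        if len(body) < 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", body[:4])
        return {"proto": proto, "src_port": sport, "dst_port": dport, "translatable": True}
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # ESP starts with SPI + sequence number; everything after is opaque ciphertext.
        spi, seq = struct.unpack("!II", body[:8])
        return {"proto": proto, "spi": spi, "seq": seq, "translatable": False}
    return {"proto": proto, "translatable": False}

# Constructed ESP payload: SPI, sequence number, then stand-in "ciphertext" bytes.
ESP_PAYLOAD = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16
RAW_ESP = ipv4(ESP, ESP_PAYLOAD)

# The same ESP payload inside a UDP datagram; ports 40000/40001 are arbitrary examples.
UDP_HDR = struct.pack("!HHHH", 40000, 40001, 8 + len(ESP_PAYLOAD), 0)
WRAPPED_ESP = ipv4(UDP, UDP_HDR + ESP_PAYLOAD)

if __name__ == "__main__":
    print("raw ESP    :", napt_view(RAW_ESP))
    print("UDP-wrapped:", napt_view(WRAPPED_ESP))
```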
