Date: Tue, 8 Aug 2000 10:08:03 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200008081408.KAA13542@khavrinen.lcs.mit.edu>
To: Benjamin Gavin
Cc: freebsd-net@FreeBSD.ORG
Subject: NATD and non-UDP/TCP packets
In-Reply-To: <20000808004424.2838.qmail@web312.mail.yahoo.com>

< said:

> What are the fundamental differences between ESP/AH and TCP/UDP? Are
> they inherently more complicated to translate,

They are designed to be cryptographically secure, and hence, impossible
to NAT. If you want to do NAT, you'll have to terminate the SAs at the
boundary and create an appropriate new set for the "public" side.

-GAWollman

-- 
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |   - Susan Aglukark and Chad Irschick
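A toy model of the AH half of the answer above (added here; not code from the thread or from FreeBSD): AH's integrity check value covers the immutable IP header fields, source and destination addresses included, so a NAT that rewrites the source address invalidates the packet without knowing the SA key. The header layout, the hypothetical SA key, the SPI and the addresses are all constructed for illustration, and HMAC-SHA256-96 stands in for whatever the real SA negotiated.

```python
import hmac
import hashlib
import struct

KEY = b"constructed-sa-key"   # shared key of the hypothetical SA (made up)
SPI = 0x1000                  # constructed Security Parameters Index

def ipv4_header(src: str, dst: str, proto: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header; checksum is left zero since this is a model."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0, src_b, dst_b)

def ah_immutable_view(ip_hdr: bytes) -> bytes:
    """Zero the fields AH treats as mutable (TTL, header checksum) before hashing.
    Addresses are NOT mutable in AH, so they stay in the hashed view."""
    hdr = bytearray(ip_hdr)
    hdr[8] = 0                 # TTL
    hdr[10:12] = b"\x00\x00"   # header checksum
    return bytes(hdr)

def ah_icv(ip_hdr: bytes, payload: bytes) -> bytes:
    """Toy ICV: HMAC-SHA256 truncated to 96 bits over immutable IP fields, SPI, payload."""
    msg = ah_immutable_view(ip_hdr) + struct.pack("!I", SPI) + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:12]

def ah_verify(ip_hdr: bytes, payload: bytes, icv: bytes) -> bool:
    """Receiver-side check; constant-time compare as a real implementation would."""
    return hmac.compare_digest(ah_icv(ip_hdr, payload), icv)

def nat_rewrite_source(ip_hdr: bytes, public_src: str) -> bytes:
    """What a NAT box does to the outer header: swap the private source for a public one."""
    pub = bytes(int(o) for o in public_src.split("."))
    return ip_hdr[:12] + pub + ip_hdr[16:]

def demo() -> dict:
    """Sender's packet verifies; the same packet after NAT rewriting does not."""
    payload = b"constructed inner datagram"
    inner = ipv4_header("10.0.0.5", "203.0.113.9", proto=51)   # 51 = AH
    icv = ah_icv(inner, payload)
    natted = nat_rewrite_source(inner, "198.51.100.1")
    return {
        "before_nat": ah_verify(inner, payload, icv),   # True
        "after_nat": ah_verify(natted, payload, icv),   # False
    }

if __name__ == "__main__":
    print(demo())
```

ESP fails for a different reason the code does not model: its transport header and ports sit inside the encrypted payload, so a port-based translator such as natd has nothing to rewrite, which is why the reply suggests terminating the SAs at the NAT boundary instead.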