|
>NAT & IPSEC can get along just fine. Really? I'm no expert, but can you explain how? As I understand it an IPSEC packet it encrypted at the client (my PC) and sent to the server. Now, when it's encrypted at the client I have an internal IP address (in my case 10.100.10.35 for example) and that IP address, in some cases, is embedded in the packet that gets encrypted (FTP being a prime example). Now, since the NAT proxy can't see inside the encrypted packet it has no way of changing that address from the internal one to the external one. I guess for some protocols this wouldn't cause a problem, but for others it will. Even Cisco's write-up on NAT-T says it doesn't solve the embedded ip problem. -Walden ------------ Walden H Leverich III President & CEO Tech Software (516) 627-3800 x11 WaldenL@xxxxxxxxxxxxxxx http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) -----Original Message----- From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On Behalf Of Vernon Hamberg Sent: Tuesday, 25 January, 2005 08:39 To: PC Technical Discussion for iSeries Users Subject: Re: [PCTECH] Re: Wireless AP with VPN NAT & IPSEC can get along just fine. The LinkSys WRV54G can handle up to 50 tunnels. It is wireless-G, so it's fairly fast. Also is a 4-port full duplex 1/100 switch. At my previous job we used LinkSys' earlier BEFVP41 - up to 70 tunnels. There are also the RV016 and RV082 - 50 tunnels, 16 & 8 wired ports respectively. I don't think any of these use digital certificates for client access - could be wrong, I did just a brief survey of the user guides. They use preshared keys. Maybe this does not matter if going from device to device. HTH Vern At 12:37 AM 1/25/2005, you wrote: >On Mon, 24 Jan 2005 15:10:55 -0700, michael@xxxxxxxxxxxxxxxxxx ><michael@xxxxxxxxxxxxxxxxxx> wrote: > > IPSec...yeah...that's my problem. I was looking at the Linksys BEFSX41 > > router, and thinking of connecting that to my current wireless AP, but > > I don't know if that would buy me anything. I guess I could go > > wired...my house has the connectivity, just need to hook up the patch > > panel, but I'd really like to stay wireless if I could. > >Are there wired Cable/DSL routers that support multiple IPSec >conversations at the same time. I gathered from Walden's comment that >NAT and IPSec don't get along well. > >-- >Tom Jedrzejewicz >tomjedrz@xxxxxxxxx >-- >This is the PC Technical Discussion for iSeries Users (PcTech) mailing list >To post a message email: PcTech@xxxxxxxxxxxx >To subscribe, unsubscribe, or change list options, >visit: http://lists.midrange.com/mailman/listinfo/pctech >or email: PcTech-request@xxxxxxxxxxxx >Before posting, please take a moment to review the archives >at http://archive.midrange.com/pctech. -- This is the PC Technical Discussion for iSeries Users (PcTech) mailing list To post a message email: PcTech@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/pctech or email: PcTech-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/pctech.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.