Re: [Ipsec-tools-devel] Port usage with IPSec
Brought to you by:
mit_warlord,
netbsd
From: Matthias S. <tr...@zh...> - 2006-01-21 22:14:32
|
On Fri, Jan 20, 2006 at 07:41:52PM -0600, Soung Rim wrote: > Is it possible to have both ESP and AH on to the same IP address but > different ports? For example, You cannot use IPsec AH with NAT at all. IPsec AH considers the changes to the IP header done by a NAT router as tampering with the packet and will drop it. Try to use ESP with encryption *and* authentification (e.g. AES + HMAC-SHA1). Kind regards -- Matthias Scheler http://scheler.de/~matthias/ |