
How does IPsec work with network address translation (NAT)?


NAT is incompatible with Authentication Header protocol, whether used in transport or tunnel mode. An IPsec VPN using AH protocol digitally signs the outbound packet, both data payload and headers, with a hash value appended to the packet. When using AH protocol, packet contents (the data payload) are not encrypted. Why this bothers NAT is the last part: a NAT device in between the IPsec endpoints will rewrite either the source or destination address with one of its own choosing. The VPN device at the receiving end will verify the integrity of the incoming packet by computing its own hash value, and will complain that the hash value appended to the received packet doesn’t match. The VPN device at the receiving end doesn’t know about the NAT in the middle, so it assumes that the data has been altered for nefarious purposes.

IPsec using Encapsulating Security Payload in tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP packet’s source
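The integrity failure described in the answer above, as an added example that is not part of the original answer: a simplified model of the AH integrity check in which the receiver recomputes a keyed hash over the IP header, AH header and payload. The key, addresses, SPI and the choice of HMAC-SHA1 truncated to 96 bits are assumptions made for the illustration; the IP checksum is left at zero and real AH processing has more detail than shown.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key shared by both VPN endpoints

def ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    """Build a 20-byte IPv4 header (protocol 51 = AH); checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv_input(header, ah_fixed, payload):
    """Zero the fields routers may change; addresses stay in the signed data."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h) + ah_fixed + b"\x00" * 12 + payload  # ICV field zeroed

def compute_icv(header, ah_fixed, payload, key=KEY):
    """Keyed hash over header + AH + payload, truncated to 12 bytes."""
    return hmac.new(key, icv_input(header, ah_fixed, payload), hashlib.sha1).digest()[:12]

def forward(header, new_src=None):
    """One hop: always decrement TTL; a NAT device also rewrites the source."""
    h = bytearray(header)
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def receiver_accepts(header, ah_fixed, payload, icv, key=KEY):
    return hmac.compare_digest(compute_icv(header, ah_fixed, payload, key), icv)

def demo():
    payload = b"constructed application data"       # sent in the clear under AH
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next hdr, len, rsvd, SPI, seq
    hdr = ipv4_header("192.168.1.10", "198.51.100.20", 24 + len(payload))
    icv = compute_icv(hdr, ah_fixed, payload)        # sender appends this value
    routed = forward(hdr)                            # ordinary router hop
    natted = forward(hdr, new_src="203.0.113.5")     # NAT rewrites the source
    return (receiver_accepts(routed, ah_fixed, payload, icv),
            receiver_accepts(natted, ah_fixed, payload, icv))

if __name__ == "__main__":
    print(demo())
```

The ordinary router hop still verifies because TTL is excluded from the signed data, while the NAT hop fails because the source address is included.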
