Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISAKMP and NAT

I've configure a PIX using IPsec (ESP-DES) and ISAKMP with a non CISCO

device.

Between the equipments a router configured with NAT (Cisco 3620)

translates only addresses through a static one-to-one nat rule.

It works fine, but I need answer to one main question:

How it works if the ISAKMP protocol specifies that the "cookie" that

must be created to exchange data for the SA is dependent from the source

address, destinantion address and port numbers carried by the

packet ?

I need this answer to prove that no relaxing of the protocol was

develop to achieve this feature and the NAT isn't creating a lack of

security.

1 REPLY
Cisco Employee

Re: ISAKMP and NAT

Cisco support ipsec standard. Try this for possible explanation:

http://www.ietf.org/html.charters/ipsec-charter.html .

Regards,

107
Views
0
Helpful
1
Replies
CreatePlease login to create content