
Restrictions with NAT and IPsec

egrellet
Level 1

What are the restriction(s) to use NAT and IPsec?

1 Reply

sbirn
Level 1

The limitation is with AH. The hash check of the header will fail if it's been modified by a NAT device from its original address.

If you're doing IPSec from router to router, then AH probably won't even be needed. If you're in tunnel mode, esp-3des and esp-sha will encrypt and perform a hash of the original packet respectively. You've got a hash of the entire encapsulated packet, so a hash of the tunnel's IP header isn't really needed and is basically wasted CPU.

Steve
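
The following is an added example, not part of the reply above: a simplified Python model of the integrity check the answer describes, showing that an AH-style ICV breaks when a NAT device rewrites the outer source address while an ESP-style ICV does not. The key, addresses and payload are constructed sample values, and the model omits the AH/ESP headers themselves (SPI, sequence number) and encryption.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key

def build_packet(src, dst, proto, body, ttl=64):
    """20-byte IPv4 header (no options, checksum left at zero) plus body."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                      ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

def icv(mode, packet):
    """HMAC-SHA1-96 over what each protocol authenticates (simplified)."""
    hdr, body = bytearray(packet[:20]), packet[20:]
    if mode == "esp":
        data = body                   # outer IP header is not covered
    else:
        # AH zeroes the fields routers may change in transit...
        hdr[1] = 0                    # TOS
        hdr[6:8] = b"\x00\x00"        # flags + fragment offset
        hdr[8] = 0                    # TTL
        hdr[10:12] = b"\x00\x00"      # header checksum
        data = bytes(hdr) + body      # ...but the addresses stay covered
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def forward(packet, nat_src=None):
    """One hop: decrement TTL; a NAT device also rewrites the source."""
    p = bytearray(packet)
    p[8] -= 1
    if nat_src:
        p[12:16] = socket.inet_aton(nat_src)
    return bytes(p)

def verifies(mode, nat_src=None):
    """True if the receiver's recomputed ICV matches the sender's."""
    proto = 51 if mode == "ah" else 50   # IP protocol numbers for AH / ESP
    sent = build_packet("10.0.0.5", "198.51.100.20", proto,
                        b"constructed encapsulated packet")
    tag = icv(mode, sent)
    return hmac.compare_digest(tag, icv(mode, forward(sent, nat_src)))

if __name__ == "__main__":
    print("AH, routed only :", verifies("ah"))
    print("AH, through NAT :", verifies("ah", "203.0.113.7"))
    print("ESP, through NAT:", verifies("esp", "203.0.113.7"))
```
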
