Skip to main content

IPSEC NAT and Headers

More
20 years 6 months ago #3833 by Rick111
IPSEC NAT and Headers was created by Rick111
Would I be correct in thinking that if I've setup IPSEC via windows 2000 group policy to communicate over the [LAN only] with encrypted data, that when my CLIENT trys to connect the internet it will forward to request/data to the NAT server UNENCRYPTED even though it's connected to the LAN??

If you have any questions, as it may read a little unclear, ask away.
More
20 years 6 months ago #3841 by sahirh
Replied by sahirh on topic Re: IPSEC NAT and Headers
It will speak IPSEC only between endpoints if I'm not mistaken.

Post if you figure it out.

Best thing to do would be to just sniff while you're communicating in each scenario.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
20 years 6 months ago #3844 by Chris
Replied by Chris on topic Re: IPSEC NAT and Headers
If I remember correctly, IPSec is negotiated between the two hosts before data is exchanged. So Sahir's correct. IPSec will be used only between endpoints after negotiations.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
20 years 4 months ago #4280 by Rick111
Replied by Rick111 on topic Re: IPSEC NAT and Headers
Because it sends the data to the default gateway, which is on the LAN the data is encrypted... basically you can't have data between your NAT server and clients encrypted if the data is then to be passed out to the internet, cause the NAT don't strip the encryption, therefore you get request time outs on your web pages...

just little update
Time to create page: 0.130 seconds