IPSEC NAT and Headers

Rick111
Topic Author
Offline
New Member

19 years 11 months ago #3833 by Rick111

IPSEC NAT and Headers was created by Rick111

Would I be correct in thinking that if I've setup IPSEC via windows 2000 group policy to communicate over the [LAN only] with encrypted data, that when my CLIENT trys to connect the internet it will forward to request/data to the NAT server UNENCRYPTED even though it's connected to the LAN??

If you have any questions, as it may read a little unclear, ask away.

sahirh
Offline
Platinum Member

19 years 11 months ago #3841 by sahirh

Replied by sahirh on topic Re: IPSEC NAT and Headers

It will speak IPSEC only between endpoints if I'm not mistaken.

Post if you figure it out.

Best thing to do would be to just sniff while you're communicating in each scenario.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com

Chris
Offline
Administrator

19 years 11 months ago #3844 by Chris

Replied by Chris on topic Re: IPSEC NAT and Headers

If I remember correctly, IPSec is negotiated between the two hosts before data is exchanged. So Sahir's correct. IPSec will be used only between endpoints after negotiations.

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Rick111
Topic Author
Offline
New Member

19 years 10 months ago #4280 by Rick111

Replied by Rick111 on topic Re: IPSEC NAT and Headers

Because it sends the data to the default gateway, which is on the LAN the data is encrypted... basically you can't have data between your NAT server and clients encrypted if the data is then to be passed out to the internet, cause the NAT don't strip the encryption, therefore you get request time outs on your web pages...

just little update