TOPIC: IPSEC NAT and Headers

IPSEC NAT and Headers 12 years 6 months ago #3833

  • Rick111
  • New Member
  • Posts: 2
  • Karma: 0
Would I be correct in thinking that if I've set up IPSEC via Windows 2000 Group Policy to communicate over the [LAN only] with encrypted data, then when my CLIENT tries to connect to the internet it will forward the request/data to the NAT server UNENCRYPTED even though it's connected to the LAN?

If you have any questions, as it may read a little unclear, ask away.

Re: IPSEC NAT and Headers 12 years 6 months ago #3841

  • sahirh
  • Honored Member
  • Posts: 1700
  • Karma: 0
It will speak IPSEC only between endpoints if I'm not mistaken.

Post if you figure it out.

Best thing to do would be to just sniff while you're communicating in each scenario.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
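
The check suggested above (sniff the traffic in each scenario), as an added example that is not part of the original posts: it classifies raw IPv4 packets from a capture as ESP (IP protocol 50), AH (51), IKE negotiation (UDP 500) or cleartext, grouped per source/destination pair. The addresses and packets are constructed samples; they show what the check reports, not what any particular Windows 2000 policy produces.

```python
import socket
import struct

ESP, AH, UDP, TCP = 50, 51, 17, 6   # IANA IP protocol numbers
IKE_PORT = 500                       # ISAKMP/IKE negotiation port

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet as 'esp', 'ah', 'ike' or 'cleartext'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4     # header length in bytes (options included)
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto == ESP:
        return "esp"                 # payload encrypted
    if proto == AH:
        return "ah"                  # authenticated only, payload readable
    if proto == UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if IKE_PORT in (sport, dport):
            return "ike"             # SA negotiation, precedes protected traffic
    return "cleartext"

def summarize(packets):
    """Map (src, dst) -> set of classifications seen for that flow."""
    seen = {}
    for p in packets:
        kind = classify(p)           # validates length before slicing addresses
        flow = (socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]))
        seen.setdefault(flow, set()).add(kind)
    return seen

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the samples below."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample capture (hypothetical hosts, not taken from the thread)
HOST_A, HOST_B, HOST_C = "192.168.0.10", "192.168.0.20", "203.0.113.80"
SAMPLE = [
    ipv4(HOST_A, HOST_B, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    ipv4(HOST_A, HOST_B, ESP, b"\x00" * 16),
    ipv4(HOST_A, HOST_C, TCP, struct.pack("!HH", 49152, 80) + b"\x00" * 16),
]

if __name__ == "__main__":
    for flow, kinds in summarize(SAMPLE).items():
        print(flow, sorted(kinds))
```
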

Re: IPSEC NAT and Headers 12 years 6 months ago #3844

  • Chris
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
If I remember correctly, IPSec is negotiated between the two hosts before data is exchanged. So Sahir's correct. IPSec will be used only between endpoints after negotiations.

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: IPSEC NAT and Headers 12 years 5 months ago #4280

  • Rick111
  • New Member
  • Posts: 2
  • Karma: 0
Because it sends the data to the default gateway, which is on the LAN, the data is encrypted... basically you can't have data between your NAT server and clients encrypted if the data is then to be passed out to the internet, because the NAT doesn't strip the encryption, therefore you get request timeouts on your web pages...

Just a little update.