[42164] in North American Network Operators' Group


IPSEC and PAT

daemon@ATHENA.MIT.EDU (Vandy Hamidi)
Thu Sep 13 19:47:12 2001

Message-ID: <912A91BC69F4D3119D1B009027D0D40C01BB459C@exchange1.secure.insweb.com>
From: Vandy Hamidi <vhamidi@insweb.com>
To: nanog@merit.edu
Date: Thu, 13 Sep 2001 16:44:57 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu


I know that in Tunnel Mode, IPsec can be NATed and PATed (without IKE on UDP
500 being used), but as I'm trying to break down the process of how it is
working, I've been stumped by this:
NAT - Changes source IP during translation
PAT - Changes source IP and TCP/UDP port to another to track multiple-to-one
translations.
My question is, how does PAT track the packets with their internal hosts
when there is not a TCP/UDP header to translate?
How does it know which "internal" host a returning ESP packet must be
forwarded to after it un-PATs the incoming packet?
Thanks, and I hope this isn't a totally stupid question. If it is, humor me
;),

	-=Vandy=-
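A small model of the distinction raised in the question, added here as an example and not part of the thread: a PAT table keyed on the translated source port works for UDP (IKE on 500 is shown), whereas the ESP header that follows the IP header carries only an SPI and a sequence number, and the SPI in the reply is chosen by the remote peer, so a port-style table never matches it. The addresses, ports and SPI values are constructed sample data.

```python
import struct

ESP, TCP, UDP = 50, 6, 17                     # IP protocol numbers

def build_ipv4(proto, src, dst, payload):
    """Constructed minimal IPv4 header (no options, checksum left 0) in front of payload."""
    ip = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip(src), ip(dst)) + payload

def parse(pkt):
    """Return (proto, src, dst, key): key is the only flow identifier a PAT box can see."""
    proto, l4 = pkt[9], pkt[20:]
    src, dst = ".".join(map(str, pkt[12:16])), ".".join(map(str, pkt[16:20]))
    if proto in (TCP, UDP):
        sport, dport = struct.unpack("!HH", l4[:4])     # ports sit at the start of L4
        return proto, src, dst, ("port", sport, dport)
    if proto == ESP:
        spi, seq = struct.unpack("!II", l4[:8])         # ESP: SPI + sequence number, no ports
        return proto, src, dst, ("spi", spi)
    return proto, src, dst, None

class Pat:
    """One public address shared by many inside hosts, tracked by translated port."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port, self.table = public_ip, 40000, {}

    def outbound(self, pkt):
        proto, src, dst, key = parse(pkt)
        if key and key[0] == "port":
            pub, self.next_port = self.next_port, self.next_port + 1
            self.table[(proto, pub)] = (src, key[1])    # public port -> inside host:port
            return build_ipv4(proto, self.public_ip, dst, struct.pack("!H", pub) + pkt[22:])
        if key and key[0] == "spi":
            # Nothing to rewrite: ESP has no port. The box can only remember the
            # outbound SPI, but the reply carries an SPI chosen by the peer, not this one.
            self.table[(proto, key[1])] = (src, None)
            return build_ipv4(proto, self.public_ip, dst, pkt[20:])
        return None

    def inbound(self, pkt):
        proto, src, dst, key = parse(pkt)
        if key and key[0] == "port":
            return self.table.get((proto, key[2]))      # reply's dport is our public port
        if key and key[0] == "spi":
            return self.table.get((proto, key[1]))      # peer's SPI never matches: None
        return None
```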
