Annotated edit history of
NatTraversal version 6, including all changes.
View license author blame.
Rev |
Author |
# |
Line |
1 |
CraigBox |
1 |
An Internet draft prepared initially by [Cisco], to allow [IPSec] to work over [NAT]. |
|
|
2 |
|
|
|
3 |
In [AH] mode, IPSec headers are signed; any changes to them (like a NAT rewrite for example) will invalidate the header. NAT Traversal lets you tunnel all the [ESP] and [AH] data in packets over [UDP] port 4500, which can have ''their'' headers rewritten all you like. |
|
|
4 |
|
4 |
CraigBox |
5 |
There is a [NAT Traversal patch for FreeS/WAN|http://open-source.arkoon.net/] which has been fully integrated into OpenSwan and StrongSwan. |
1 |
CraigBox |
6 |
|
4 |
CraigBox |
7 |
See also: |
6 |
AndreasSteffen |
8 |
* RFC:3947 Negotiation of NAT-Traversal in the IKE |
|
|
9 |
* RFC:3948 UDP Encapsulation of IPsec ESP Packets |