Monday, March 5, 2012

NAT traversal and IPsec

In order for IPsec to work through a NAT, the following protocols need to be allowed through the NAT interface(s), e.g. the LAN router:
or, in the case of NAT-T:
  • IKE - UDP port 500
  • IPsec NAT-T - UDP port 4500
Often this is accomplished on home routers by enabling "IPsec Passthrough".
In Windows XP, NAT-T is enabled by default, but in XP with SP2 it has been disabled by default for the case where the VPN server is also behind a NAT device, because of a rare and controversial security issue[1]. IPsec NAT-T patches are also available for Windows 2000, Windows NT and Windows 98.
One usage of NAT-T and IPsec is to enable opportunistic encryption between systems. NAT-T allows systems behind NATs to request and establish secure connections on demand.
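As an added example (not part of the original post), here is a small Python classifier for the two UDP ports listed above, the kind of check a defender would run over NAT-side logs or captures. It goes slightly beyond the post by applying the RFC 3948 rule for telling IKE from UDP-encapsulated ESP on port 4500 (a four-zero-byte "non-ESP marker" before IKE, a single 0xFF byte for NAT keepalives). The sample datagrams are constructed, not captured.

```python
import struct

# Ports the NAT/router must pass for IPsec with NAT-T (from the post above).
IKE_PORT = 500      # IKE (ISAKMP) over UDP
NAT_T_PORT = 4500   # IKE and UDP-encapsulated ESP over UDP (RFC 3948)

# On UDP/4500 the first bytes tell IKE and ESP apart: IKE is prefixed with a
# four-zero-byte "non-ESP marker" (SPI 0 is reserved, so ESP never starts that
# way); a lone 0xFF byte is a NAT keepalive; anything else is ESP with its SPI.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
NAT_KEEPALIVE = b"\xff"
IKE_HEADER = struct.Struct("!QQBBBBII")  # 28-byte IKE header, network byte order

def parse_ike_header(data: bytes):
    """Decode the fixed IKE header; return None if the data is too short."""
    if len(data) < IKE_HEADER.size:
        return None
    ispi, rspi, next_payload, ver, exch, flags, msg_id, length = IKE_HEADER.unpack(data[:IKE_HEADER.size])
    return {"initiator_spi": ispi, "responder_spi": rspi, "next_payload": next_payload,
            "version": (ver >> 4, ver & 0x0F), "exchange_type": exch,
            "flags": flags, "message_id": msg_id, "length": length}

def classify_udp(dst_port: int, payload: bytes) -> dict:
    """Describe what an IPsec-related UDP datagram carries (for logging/detection)."""
    if dst_port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return {"kind": "ike", **hdr} if hdr else {"kind": "malformed"}
    if dst_port == NAT_T_PORT:
        if payload == NAT_KEEPALIVE:
            return {"kind": "nat-keepalive"}
        if payload.startswith(NON_ESP_MARKER):
            hdr = parse_ike_header(payload[len(NON_ESP_MARKER):])
            return {"kind": "ike", **hdr} if hdr else {"kind": "malformed"}
        if len(payload) >= 8:  # ESP: SPI (4) + sequence number (4) + ciphertext
            spi, seq = struct.unpack("!II", payload[:8])
            return {"kind": "esp-in-udp", "spi": spi, "seq": seq}
        return {"kind": "malformed"}
    return {"kind": "not-ipsec"}

# Constructed sample datagrams (not real captures).
SAMPLE_IKE_4500 = NON_ESP_MARKER + IKE_HEADER.pack(
    0x1122334455667788, 0, 33, 0x20, 34, 0x08, 0, IKE_HEADER.size)  # IKEv2 IKE_SA_INIT
SAMPLE_ESP_4500 = struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16   # ESP, SPI 0xC0FFEE01
SAMPLE_KEEPALIVE = NAT_KEEPALIVE

if __name__ == "__main__":
    for port, pkt in [(4500, SAMPLE_IKE_4500), (4500, SAMPLE_ESP_4500),
                      (4500, SAMPLE_KEEPALIVE), (500, SAMPLE_IKE_4500[4:])]:
        print(port, classify_udp(port, pkt))
```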
