Network Address Translation (NAT) maps between internal IP
addresses and external ones. NAT can be implemented in a firewall
or router, and is used to hide address information from the
external network. But because it changes address information in
the IP datagram, and the integrity check of IPSec's AH
(Authentication Header) protocol covers the IP addresses, the
NAT-ed packet will fail that check.
One way around this is for all network elements to use public
addressing, thus obviating the need for NAT.
Another would be for the VPN to tunnel everything, which would
hide non-public addresses from the network. But this will confuse
any packet filters used in the network, perhaps at the router or
firewall, because they see only the tunnel's outer addresses.
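
The AH failure described above can be reproduced with a simplified
model. This is an added example, not code from the original page.
It assumes truncated HMAC-SHA-1 as the integrity algorithm and
leaves the AH header itself out of the MAC input; the key, payload,
addresses and function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed; stands in for the SA's shared key
PAYLOAD = b"constructed payload"  # constructed upper-layer data

def build_ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    """20-byte IPv4 header, no options; checksum left 0 (AH zeroes it anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(header, payload, key=KEY):
    """Simplified AH ICV: HMAC over header (mutable fields zeroed) + payload."""
    h = bytearray(header)
    h[1] = 0                  # TOS/DSCP may change in transit
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL is decremented at every hop
    h[10:12] = b"\x00\x00"    # header checksum changes whenever TTL does
    # Bytes 12..19 (source and destination address) stay in the MAC input.
    return hmac.new(key, bytes(h) + payload, hashlib.sha1).digest()[:12]

def verify(header, payload, icv):
    return hmac.compare_digest(ah_icv(header, payload), icv)

def route_hop(header):
    """What an ordinary router does: decrement TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(header, public_ip):
    """What a NAT device does: replace the internal source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(public_ip)
    return bytes(h)

def demo():
    hdr = build_ipv4_header("10.0.0.5", "198.51.100.7", len(PAYLOAD))
    icv = ah_icv(hdr, PAYLOAD)                      # computed by the sender
    routed = verify(route_hop(hdr), PAYLOAD, icv)   # survives plain routing
    natted = verify(nat_rewrite_source(hdr, "203.0.113.10"), PAYLOAD, icv)
    return routed, natted

if __name__ == "__main__":
    print(demo())
```

The TTL change passes verification because AH treats TTL as mutable
and zeroes it before computing the check; the source address is not
zeroed, so the NAT rewrite is indistinguishable from tampering.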