Re: IPSec Transport Mode


 



On Wednesday 07 July 2004 10:11 pm, Sven Schuster wrote:

> Hi Antony,
>
> On Wed, Jul 07, 2004 at 09:54:52PM +0100, Antony Stone told us:
> > ESP is for tunnel mode, and works fine through NAT.
> >
> > Transport mode uses AH (protocol 51), and that's the one which breaks
> > through NAT.
>
> Isn't using AH or ESP independent from tunnel/transport mode?? AH
> mode is just authentication, ESP is authentication + encryption. You
> can use AH with tunnel mode and ESP with transport mode like you
> wish I think.

Hm, not sure about this - I've never wanted a VPN without encryption, so I've 
not experimented with AH tunnels.

Also, if you can do transport mode with ESP, then it should work through NAT 
without problems, because the original packet gets encapsulated (as per my 
previous explanation).

Regards,

Antony.

-- 
"There is no reason for any individual to have a computer in their home."

 - Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed 
by Compaq, later merged with HP)

                                                     Please reply to the list;
                                                           please don't CC me.
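
The thread's point that AH "breaks through NAT" comes down to which bytes each protocol's integrity check value (ICV) covers. The sketch below is an added example, not part of the original thread: it models only the ICV check, uses truncated HMAC-SHA256 as a stand-in for a negotiated algorithm, omits the AH header itself from the AH input, and all keys, addresses and SPI values are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def ip_header(src, dst, proto, ttl=64):
    """Minimal 20-byte IPv4 header without options; checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ah_icv(header, payload):
    """AH-style ICV: IP header with mutable fields zeroed, then the payload."""
    h = bytearray(header)
    h[1] = 0              # TOS/DSCP may change in transit
    h[6:8] = b"\x00\x00"  # flags and fragment offset
    h[8] = 0              # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    # Source and destination addresses (bytes 12..19) stay in the ICV input.
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()[:16]

def esp_icv(spi, seq, body):
    """ESP-style ICV: ESP header (SPI, sequence) and payload; no IP header."""
    return hmac.new(KEY, struct.pack("!II", spi, seq) + body,
                    hashlib.sha256).digest()[:16]

def nat_rewrite(header, new_src):
    """Source NAT: overwrite the source address field of the IP header."""
    return header[:12] + ipaddress.IPv4Address(new_src).packed + header[16:]

def survives_nat(protocol):
    """Return True if the receiver's ICV check passes after source NAT."""
    payload = b"constructed payload"
    proto_num = 51 if protocol == "AH" else 50
    sent_hdr = ip_header("192.168.1.10", "203.0.113.5", proto_num)
    rcvd_hdr = nat_rewrite(sent_hdr, "198.51.100.7")
    if protocol == "AH":
        return hmac.compare_digest(ah_icv(sent_hdr, payload),
                                   ah_icv(rcvd_hdr, payload))
    # ESP: the receiver recomputes over ESP header + payload, which NAT
    # did not touch; rcvd_hdr never enters the calculation.
    return hmac.compare_digest(esp_icv(0x1000, 1, payload),
                               esp_icv(0x1000, 1, payload))

if __name__ == "__main__":
    for p in ("AH", "ESP"):
        print(p, "ICV valid after NAT:", survives_nat(p))
```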


