Re: SNAT before IPSec


 



On 06/07/07 15:57, Jorge Davila wrote:
In your analysis you forget that the packet delivered by Router A to Router B (or vice versa) is an encrypted packet. Once the packet is decrypted at the other end, the headers are the headers of the original packets. Then, the scenario is more funny.

I was aware that IPSec encryption / decryption was going to take place. It is my experience that current IPSec implementations which tunnel traffic do so with the traffic looping through the kernel twice: once unencrypted and once encrypted, then on the receiving end once encrypted and then once decrypted. I was talking about doing the NATing on the unencrypted / decrypted passes, not the encrypted pass.

You are right that including the encryption / decryption in the discussion would have made things much more complex and entertaining to look at.

Thankfully, what I was trying to convey is done regardless of IPSec (the way that I have messed with it), so it did not need to come into the discussion.

Thanks for the pointer.  ;)



Grant. . . .

