06-30-2001
NAT Breaks IPSEC (VPNs)
NAT (Network Address Translation) is not compatible with most VPN technologies. If the VPN is IPSEC-based this is certainly the case. Cryptographic systems that use IPSEC (or similar technology) ensure the integrity of the IP packet by running a cryptographic checksum (kinda) algorithm against the packet. If the packet has changed, it will be dropped.
NAT changes the IP address in the header. This is a violation of the integrity checking mechanism of IPSEC. This is a big problem with NAT. You should consider turning off NAT if you want a clean, non-kludgy VPN solution.
If you are not sure of this reply, please post the details of what cryptographic protocols are being used in the VPN tunnel. I can help you if you provide the details on how the tunnel is operating.
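The failure the reply describes can be shown with a few lines of Python. This is an added example, not code from the post or from any IPsec implementation: it models an AH-style integrity check (per RFC 4302, the ICV covers the whole IP header except the fields that legitimately change in transit: TOS, flags/fragment offset, TTL and the header checksum) and an ESP-style check (the ICV covers only the ESP header and ciphertext, not the outer IP header that carries them). The key, addresses and payloads are constructed for the demo. A plain router hop (TTL decrement) leaves the AH check intact; a NAT rewrite of the source address breaks it, exactly as the post says. The ESP case is the caveat a practitioner wants: because the outer header is outside the ICV, an ESP tunnel survives the address rewrite, which is why UDP-encapsulated ESP with NAT detection in IKE (RFC 3947/3948, published in 2005, after this 2001 post) became the standard way to run IPsec across NAT.

```python
import hashlib
import hmac
import struct

# Constructed demo key. A real AH or ESP SA gets its key from IKE; nothing
# here comes from the post above.
KEY = b"constructed-demo-key-not-from-any-real-SA"
IPPROTO_ESP = 50
IPPROTO_AH = 51


def ip_checksum(data: bytes) -> int:
    """RFC 791 one's-complement checksum over 16-bit words (0 for a valid header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int = 0, ttl: int = 64) -> bytes:
    """20-byte IPv4 header with no options and a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, ttl, proto, 0,
                      ip4(src), ip4(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def ah_immutable_view(hdr: bytes) -> bytes:
    """Zero the fields RFC 4302 treats as mutable in transit: TOS, flags/fragment
    offset, TTL and header checksum. Both addresses stay covered by the ICV."""
    b = bytearray(hdr)
    b[1] = 0
    b[6:8] = b"\x00\x00"
    b[8] = 0
    b[10:12] = b"\x00\x00"
    return bytes(b)


def ah_icv(hdr: bytes, payload: bytes, key: bytes = KEY) -> bytes:
    """AH-style ICV: HMAC over immutable header fields plus payload, truncated to 96 bits."""
    return hmac.new(key, ah_immutable_view(hdr) + payload, hashlib.sha256).digest()[:12]


def esp_icv(esp_blob: bytes, key: bytes = KEY) -> bytes:
    """ESP-style ICV: covers the ESP header and ciphertext only, never the outer IP header."""
    return hmac.new(key, esp_blob, hashlib.sha256).digest()[:12]


def router_forward(hdr: bytes) -> bytes:
    """A plain router hop: decrement TTL and recompute the checksum. Addresses untouched."""
    b = bytearray(hdr)
    b[8] -= 1
    b[10:12] = b"\x00\x00"
    b[10:12] = struct.pack("!H", ip_checksum(bytes(b)))
    return bytes(b)


def nat_rewrite_src(hdr: bytes, new_src: str) -> bytes:
    """A NAT box: rewrite the source address (what the post calls changing the IP
    address in the header), then forward like a router."""
    b = bytearray(hdr)
    b[12:16] = ip4(new_src)
    return router_forward(bytes(b))


def demo() -> dict:
    # AH transport packet: header protects addresses; payload follows.
    payload = b"constructed transport payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.5", IPPROTO_AH, len(payload))
    icv = ah_icv(sent, payload)
    via_router = router_forward(sent)
    via_nat = nat_rewrite_src(sent, "198.51.100.1")

    # ESP tunnel packet: outer header + (ESP header, ciphertext). The receiver
    # verifies the ICV over everything after the outer header.
    esp_blob = b"\x00\x00\x10\x01" + b"\x00\x00\x00\x07" + b"constructed-ciphertext"
    outer = ipv4_header("192.168.1.10", "203.0.113.5", IPPROTO_ESP, len(esp_blob))
    esp_icv_sent = esp_icv(esp_blob)
    esp_after_nat = nat_rewrite_src(outer, "198.51.100.1") + esp_blob

    return {
        "ah_ok_after_router_hop": hmac.compare_digest(icv, ah_icv(via_router, payload)),
        "ah_ok_after_nat": hmac.compare_digest(icv, ah_icv(via_nat, payload)),
        "esp_ok_after_nat": hmac.compare_digest(esp_icv_sent, esp_icv(esp_after_nat[20:])),
        "router_checksum_valid": ip_checksum(via_router) == 0,
        "nat_checksum_valid": ip_checksum(via_nat) == 0,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The NAT box produces a header that is perfectly valid at the IP layer (its checksum verifies), which is why the drop happens only at the IPsec receiver: nothing in between can tell a malicious rewrite from an administrative one, and that is the whole point of covering the addresses.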
aseqnet
aseqnet(1) General Commands Manual aseqnet(1)
NAME
aseqnet - ALSA sequencer connectors over network
SYNOPSIS
aseqnet [remotehost]
DESCRIPTION
aseqnet is an ALSA sequencer client which sends and receives event packets over the network. Suppose two hosts connected by a network, hostA as a server and hostB as a client. The ALSA sequencer system must be running on both hosts. To create the server port, run the following on hostA:
hostA% aseqnet
sequencer opened: 128:0
A user client 128 with port 0 is now open on hostA. (The client number may vary.) To create the (network) client port, run aseqnet with the hostname of the server:
hostB% aseqnet hostA
sequencer opened: 132:0
Now all events sent to hostA:128:0 are transferred to hostB:132:0, and vice versa.
The ports created by aseqnet can be connected arbitrarily to other sequencer ports via aconnect(1). For example, to connect hostB:132:0 to a MIDI output device 65:0:
hostB% aconnect 132:0 65:0
Then events to hostA:128:0 will be delivered to hostB:65:0. The following command, run on hostA, plays a MIDI file on hostB:
hostA% pmidi -p 128:0 foo.mid
Multiple clients may exist simultaneously. If hostC is also connected as a client to hostA, events from hostA are sent to all connected network clients, i.e. hostB and hostC. However, only one connection is allowed from a client to a server.
To disconnect the network, stop all clients before the server with Ctrl-C or by sending them a signal. The server will then quit automatically.
OPTIONS
-p port
Specify the TCP port number or TCP service name.
-s addr
Subscribe to the given address for read automatically.
-d addr
Subscribe to the given address for write automatically.
-v Verbose mode.
SEE ALSO
aconnect(1), pmidi(1)
AUTHOR
Takashi Iwai <tiwai@suse.de>.
January 1, 2000 aseqnet(1)