Why Can't IPsec and NAT Just Get Along?
by Mike Fratto
[ November 20, 2000 ]

Both IPsec and NAT have been with us for some time, but making them play together has been hard work. To IP gurus, NAT (Network Address Translation) is an ugly kludge because it changes the way IP works at a fundamental level. To you, the network manager responsible for handling network-addressing issues, NAT is often your friend, regardless of whether you're at a large ISP or enterprise, or at an SME (small-to-medium enterprise). Why? Because NAT lets you hide networks and hosts in a variety of ways. Likewise, IPsec (IP security) is your friend because you can securely connect remote offices and users over the Internet.

However, the architecture of the IPsec protocol suite and the dearth of IPsec-aware NAT devices have created problems in getting the two to work together seamlessly. The simplest solution is to have a broadband router that performs NAT and VPN (virtual private networking) on the same device, so you don't have to muck around making IPsec and NAT play nice. But because you don't always have that luxury, you should know about some of the ways vendors are addressing the IPsec-NAT issue and its implications. (For more information on NAT, see "Network Address Translation: Hiding in Plain Sight"; for more information on IPsec, see "Identifying a VPN for Your Company".)

NAT Forms

There are two primary NAT implementations. Dynamic address NAT assigns a temporary external IP address to a private IP address, translating only the IP address. Dynamic address NAT is used mostly in dial-up or in on-demand connections in which remote connections go up and down frequently (see "Dynamic Address NAT," at right). While the remote user is connected, he or she is assigned a single IP address; once that user disconnects, the IP address is released to be reused at a later time.
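The lease-and-release behavior described above can be modeled in a few lines. This is an added example, not code from the article or from any vendor; the class name, the packet tuple layout (src, sport, dst, dport) and all addresses are assumptions constructed for illustration.

```python
import ipaddress

class DynamicAddressNAT:
    """Hypothetical model: each private host leases one external address.
    Only IP addresses are rewritten; ports pass through unchanged."""

    def __init__(self, pool):
        self.free = [str(ipaddress.ip_address(a)) for a in pool]
        self.out = {}   # private address -> leased external address
        self.back = {}  # leased external address -> private address

    def connect(self, private):
        """Lease an external address for the duration of the connection."""
        if private in self.out:
            return self.out[private]
        if not self.free:
            raise RuntimeError("external address pool exhausted")
        external = self.free.pop(0)
        self.out[private], self.back[external] = external, private
        return external

    def disconnect(self, private):
        """Release the lease so the external address can be reused later."""
        external = self.out.pop(private)
        del self.back[external]
        self.free.append(external)

    def outbound(self, pkt):
        """Rewrite only the source address of (src, sport, dst, dport)."""
        src, sport, dst, dport = pkt
        return (self.connect(src), sport, dst, dport)

    def inbound(self, pkt):
        """Rewrite only the destination address; drop if no lease exists."""
        src, sport, dst, dport = pkt
        private = self.back.get(dst)
        return None if private is None else (src, sport, private, dport)

def demo():
    # Constructed sample data: a one-address pool of documentation addresses.
    nat = DynamicAddressNAT(["192.0.2.10"])
    first = nat.outbound(("10.0.0.5", 500, "198.51.100.1", 500))
    nat.disconnect("10.0.0.5")
    # A late reply to the released address has no lease and is dropped.
    stale = nat.inbound(("198.51.100.1", 500, "192.0.2.10", 500))
    # A different host now receives the same external address.
    second = nat.outbound(("10.0.0.6", 500, "198.51.100.1", 500))
    return first, stale, second

if __name__ == "__main__":
    print(demo())
```

Because the same external address maps to different private hosts over time, a log entry that records only the external address identifies a host only for the duration of its lease.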
