Notes - MIECT
Segurança Em Redes De Comunicações
Notes - MIECT
Segurança Em Redes De Comunicações
  • Segurança Em Redes De Comunicações
  • Corporate Networks Topics
    • Objectives of Network Design
    • Equipments
    • Hierarchical Network Model
    • Modular Network Design
    • Designing the Access Layer
    • Designing the Core Layer
    • Virtual LANs
      • VLANs on Access Points
    • Spanning Tree Protocol
    • IP Routing Overview
  • Introduction to Network Security
    • Type of Attacks
    • Attacks Phases
      • Infiltration Phase
      • Propagation Phase
      • Aggregation and Exfiltration Phase
    • Defenses
    • Security Metrics
  • Network Access Control
    • AAA Architecture
      • TACACS+
      • RADIUS
      • DIAMETER
    • IEEE 802.11 services
    • Joining a BSS
      • WLAN Frames
      • Joining BSS with AP
    • WPA and 802.11i (WPA2)
  • Network Flow Control
    • Network Security Systems
    • Firewalls
    • High-Availability
    • Load Balancing Firewall Load
    • Best Practices and Recommendations
    • IP Spoofing
    • Half-Open TCP Connection Problem
    • DDoS Mitigation at Source
    • Cisco’s Access Control Lists (ACL)
    • Linux IPTables
    • Control By Analysis of Higher Layers
  • Secure Communications
    • Public Key Infrastructure (PKI)
    • X.509 Certificate Contents
    • Traffic Tunnel Concept
      • Next Hop Resolution Protocol (NHRP)
      • Hub-Spoke vs. Spoke-Spoke
    • IPSec
    • Establishing SA and Cryptographic Keys
    • Virtual Private Networks (VPN)
    • Management of Asymmetric Keys
  • Remote Access
    • Remote Access
    • IPsec NAT Transversal
    • Integration with Flow Control
  • Intrusion Detection and Prevention
    • Intrusion Detection and Prevention
    • Host-Based vs. Network-Based
    • Signature vs. Anomaly Based
    • Network Deployment
  • Network Monitoring SIEM
    • Core and End-to-End Monitoring
    • Node Monitoring
    • End-User/Host/App Monitoring
    • Server/Service/Cloud Monitoring
    • Per-Service Detailed Monitoring
    • Data Sources
      • SNMP
      • NetFlow
    • Network Passive Probing Packet Capturing
    • Remote CLI Access
    • Log Files Access
      • Log Management Systems (LMS)
      • Security Information and Events Management (SIEM)
Powered by GitBook
On this page
  1. Remote Access

IPsec NAT Transversal

NAT/PAT incompatibilities with IPsec.

  • AH header incorporates the IP source and destination addresses in the keyed message integrity check. ESP is not an issue.

  • TCP and UDP checksums can be updated because are protected by IPsec.

  • IP addresses may be used as identifiers in Internet Key Exchange to determine credentials.

During the ISAKMP IPsec first phase hosts (when configured and supported) detect that NAT transversal must be activated.

  • Subsequent ISAKMP first-phase and second-phase packets are encapsulated in UDP packets.

    • Usually, port UDP 4500.

  • Original IP addresses are sent as NAT-OA (NAT Original Address) payloads of the ISAKMP.

PreviousRemote AccessNextIntegration with Flow Control

Last updated 2 years ago