Ipsec

What NAT ALGs does CDRouter test?

CDRouter includes test cases for the following NAT ALGs: FTP DNS ICMP H.323 (outbound and inbound) MSN Messenger RTSP SIP IPSEC (IKE and IPSEC ESP) PPTP CDRouter also runs several applications through the device under test that do not require a full NAT ALG. These include: HTTP HTTPS SMTP POP3 TFTP

What is IPSEC SPI Tracking?

SPI tracking is a technique some vendors use to support IPSEC pass through with multiple IPSEC streams. It is not perfect since SPI conflicts can still occur and the router can not change the SPI, but it does work most of the time. The router can look at the SPI to distinguish one IPSEC stream from another. For more information please see http://www.microsoft.com/technet/community/columns/cableguy/cg0802.mspx

IPSEC pass through testing

IPSEC pass through is a technique for allowing IPSEC packets to pass through a NAT router. By itself, IPSEC does not work when it travels through NAT. Newer IKE and IPSEC implementations support NAT-Traversal which is a technique to detect NAT and switch to UDP encapsultion for IPSEC ESP packets. However, many router vendors have developed a “pass through” technique that allows IPSEC packets to pass through NAT without NAT-T support. Read more...