<HTML>Addendum:
Does the RT311 / RT314 support IPSec?
Beginning with version 3.20, IPSec is supported for one PC in header pass through mode only.
1. Is it correct that IPSec will only work on 1 PC on the LAN? Yes, the firmware will only support one client. We know NAT replaces source ports of outgoing packets with random numbers, thus making itself able to forward the incoming responses to the corresponding client that originated the requests. Since the UDP port in the IPSec packet is used for key management and cannot be changed by NAT, only one IPSec client is supported by the NAT table.
2. What configuration is required? A 'Default' server set is required for forwarding inbound IPSec ESP tunneling. It will also be necessary to configure the internal IPSec as a default server (unspecified service port) in menu 15 when it acts as a server gateway.
3. Is there more than one mode of IPSec? Can you explain? IPSec has two protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload). AH is mainly used to provide integrity, but not confidentiality, i.e., you can see it, but can't touch it. ESP hides the packet contents from prying eyes by encryption, i.e., the payload looks like garbage if you don't have the key. IPSec provides two modes of operation, transport mode and tunnel mode. Transport mode is mainly for an IP host to protect the data generated locally, while tunnel mode is for a security gateway (SG) to provide IPSec service for other machines lacking IPSec capability. However, the IPSec hosts and the SG do not have to be separate machines. Both the RT311 & RT314 support IPSec ESP mode, but we do not support IPSec AH mode. There is a lot of documentation to consult for more information at:
http://www.ietf.org/html.charters/ipsec ... .html
IPSec AH: RFC 2402
IPSec ESP: RFC 2406
mfg: Netgear
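
An added example, not part of the original post and not Netgear firmware code: a simplified Python model of the NAT behaviour described in answers 1 and 2, showing why ordinary UDP flows from several PCs can share the router while IKE and ESP end up bound to a single LAN host. The class name, LAN addresses and translated port range are constructed for illustration.

```python
IKE_PORT = 500   # IPSec key management (IKE) runs over UDP port 500
ESP = "esp"      # IP protocol 50; the ESP header carries no port numbers


class PassThroughNat:
    """Toy port-translating NAT with one 'default server' (assumed model)."""

    def __init__(self, default_server=None):
        self.default_server = default_server  # LAN host for unmatched inbound traffic
        self.port_map = {}                    # public UDP port -> (lan_ip, lan_port)
        self.next_port = 40000                # constructed start of translated range

    def outbound_udp(self, lan_ip, src_port):
        """Return the public source port for this flow, or None if refused."""
        if src_port == IKE_PORT:
            # The key-management port must stay 500, so it cannot be remapped:
            # the first LAN host to use it owns it, later hosts are refused.
            owner = self.port_map.setdefault(IKE_PORT, (lan_ip, IKE_PORT))
            return IKE_PORT if owner == (lan_ip, IKE_PORT) else None
        # Ordinary flows get a fresh public port, so replies can be told apart.
        public = self.next_port
        self.next_port += 1
        self.port_map[public] = (lan_ip, src_port)
        return public

    def inbound(self, proto, dst_port=None):
        """Return the LAN host that receives an inbound packet, or None (dropped)."""
        if proto == "udp" and dst_port in self.port_map:
            return self.port_map[dst_port][0]
        # ESP has no port to look up, so only the default server can receive it.
        return self.default_server


def demo():
    nat = PassThroughNat(default_server="192.168.0.2")  # constructed addresses
    return {
        "udp_a": nat.outbound_udp("192.168.0.2", 1025),      # remapped
        "udp_b": nat.outbound_udp("192.168.0.3", 1025),      # remapped, no clash
        "ike_a": nat.outbound_udp("192.168.0.2", IKE_PORT),  # keeps port 500
        "ike_b": nat.outbound_udp("192.168.0.3", IKE_PORT),  # refused: 500 is taken
        "reply_b": nat.inbound("udp", 40001),                # back to second PC
        "esp_in": nat.inbound(ESP),                          # default server only
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Without a default server configured, `inbound(ESP)` returns `None` in this model, which corresponds to the inbound ESP tunnel traffic in answer 2 having nowhere to be forwarded.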
</HTML>