[Openswan Users] How to work with IPsec behind NAT

[Gagandeep bajaj]

Hi

I am working on IMS and been given the responsibility of implementing IPsec between the user-agent(SIP phone) and our proxy server (P-CSCF). 

the architecture of P-CSCF is like it is an 8 blade server(chassis based) and shows a single IP to the outer world. It has to support IPsec ( key exchange is done at the application level ie. SIP)for both UDP and TCP.

What I want is scalibility like ..

UE ( 40.x.x.x) ---------->  P-CSCF ( internal IP addresses from    
                           (50.x.x.x)   192.168.1.1 to 192.168.1.8)

I want to distribute the IPsec connections made   
onto different blades, so there is no single point of  
failure. Basically, this is  load-balancing  IPsec connections in a 
cluster .

And also, How do i make these connections  redundant over different servers so the SIP phone doesnot have to  redo the whole process of making IPsec with the server on failure. 

Thanks and sorry if this is not the right place to ask... but i have been searching for this for 2 weeks now .. but to no avail .... any pointers would be appreciated ..... 

Thanks again

Gagandeep Bajaj                                
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080225/827ba46b/attachment.html