[Openswan Users] How to work with IPsec behind NAT
gagandeep_bajaj at rediffmail.com
Mon Feb 25 04:53:53 EST 2008
I am working on IMS and been given the responsibility of implementing IPsec between the user-agent(SIP phone) and our proxy server (P-CSCF).
the architecture of P-CSCF is like it is an 8 blade server(chassis based) and shows a single IP to the outer world. It has to support IPsec ( key exchange is done at the application level ie. SIP)for both UDP and TCP.
What I want is scalibility like ..
UE ( 40.x.x.x) ----------> P-CSCF ( internal IP addresses from
(50.x.x.x) 192.168.1.1 to 192.168.1.8)
I want to distribute the IPsec connections made
onto different blades, so there is no single point of
failure. Basically, this is load-balancing IPsec connections in a
And also, How do i make these connections redundant over different servers so the SIP phone doesnot have to redo the whole process of making IPsec with the server on failure.
Thanks and sorry if this is not the right place to ask... but i have been searching for this for 2 weeks now .. but to no avail .... any pointers would be appreciated .....
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users