no nat please
bosse+netfilter at klykken.com
Thu Nov 4 19:53:47 CET 2004
On Thu, Nov 04, 2004 at 11:56:54AM -0600, Les Mikesell wrote:
> However there is a new standard
> for NAT traversal for IPsec and a recent Windows update adds
> it for win2k and XP. I don't know if it needs additional support
> at the NAT gateway or if you need matching versions at both
> ends, though.
Yes, IPSEC borks when one of the endpoints goes through NAT. I agree
with Les, you seem to need NAT-T, and both the server and client need
to support this, so check your VPN documentation.
I don't think that there's any need to configure anything specific
on the NAT gateway, as long as the firewall allows UDP port 4500
(NAT-T) to flow.
Bosse Klykken - http://www.klykken.com/~bosse
Keep staring. I might do a trick.
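
One way to check from a packet capture whether NAT-T traffic on UDP port 4500 is actually passing the gateway, added here as an example and not part of the original message. It goes beyond the message by relying on the UDP-encapsulation framing from RFC 3948; the function names and sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500        # UDP port named in the message above
ISAKMP_HEADER_LEN = 28   # fixed IKE/ISAKMP header size

def classify_natt_payload(payload: bytes) -> str:
    """Classify the UDP payload of a port-4500 datagram (RFC 3948 framing)."""
    if payload == b"\xff":
        return "keepalive"            # one-octet NAT-keepalive
    if len(payload) < 8:
        return "malformed"            # too short for IKE or ESP
    (first_word,) = struct.unpack("!I", payload[:4])
    if first_word == 0:
        # Four zero octets are the non-ESP marker: an IKE message follows.
        return "ike" if len(payload) >= 4 + ISAKMP_HEADER_LEN else "malformed"
    return "esp"                      # non-zero word is the ESP SPI

def summarize(datagrams):
    """datagrams: iterable of (direction, payload), direction 'out' or 'in'.

    Returns (counts, verdict) where verdict is one of
    'empty', 'blocked', 'ok', 'incomplete'.
    """
    counts = Counter((d, classify_natt_payload(p)) for d, p in datagrams)
    if not counts:
        return counts, "empty"
    sent = any(d == "out" for d, _ in counts)
    received = any(d == "in" for d, _ in counts)
    if sent and not received:
        # Client talks, nothing comes back: UDP 4500 is likely filtered.
        return counts, "blocked"
    if counts[("out", "esp")] and counts[("in", "esp")]:
        return counts, "ok"           # tunnel traffic flows both ways
    return counts, "incomplete"       # negotiation seen, no two-way ESP yet

# Constructed sample payloads (not taken from a real capture).
SAMPLE_IKE = b"\x00" * 4 + bytes(range(1, ISAKMP_HEADER_LEN + 1))
SAMPLE_ESP = struct.pack("!II", 0x1000BEEF, 1) + b"\x00" * 16
SAMPLE_KEEPALIVE = b"\xff"

if __name__ == "__main__":
    capture = [("out", SAMPLE_IKE), ("out", SAMPLE_IKE), ("out", SAMPLE_KEEPALIVE)]
    print(summarize(capture)[1])      # client retransmits, no reply
    capture += [("in", SAMPLE_IKE), ("out", SAMPLE_ESP), ("in", SAMPLE_ESP)]
    print(summarize(capture)[1])
```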