IPSec through my firewall
Ola Nilsson
ola at fam-nilsson.org
Tue Feb 15 16:15:46 CET 2005
Hi,
I would've tried something different if I had the possibility to
choose. This is a solution chosen by the company I work for.
Are you sure that IPSec can't be NATed? NAT-T is kind of meant to
handle just that. Also, my colleagues have no trouble through
e.g. D-Link routers. The ISAKMP part NATs just fine...
Regards,
/Ola
Michael Gale <michael.gale at utilitran.com> writes:
> Hello,
>
> You cannot NAT ESP (protocol 50) traffic. Some IPSEC clients
> and servers support NATing but I believe this requires special
> implementation on the client and server end.
>
> If you want to NAT a VPN tunnel I suggest you try an SSL-based
> VPN. OpenVPN works well, you could also try TCP or UDP encapsulation
> to help get around the NAT issue.
>
> Michael.
--
/Ola Nilsson