Iptables, nat, and IPSec

dave beach drbeach at rogers.com
Thu Apr 7 00:42:38 CEST 2005


> So you have to activate on your clients the NAT-T "feature" and be sure
the other side supports it too.

Okay, so if I understand correctly it's a matter of configuring both sides
of the IPSec connection in accordance with their NAT-Traversal settings, and
any intermediate NATting device is blissfully oblivious.

So, clearly, my next step is to figure out if Nortel's Contivity server and
client software support NAT-Traversal, and I can stop looking at my iptables
box and router.

More information about the netfilter mailing list