Dave O wrote:
> If I understand your situation correctly, I ran into this same
> issue recently. IPSEC connections will NOT work when the client is on a
> NATed connection. The reason for this is that an IPSEC packet
> contains both the source and destination addresses. To quote from
> OpenVPN presentation (on their site):
> Because IPSec considered the source and destination addresses to
> be part of the secured payload, it broke interoperability with NAT.
> So, when you try to connect, outgoing packets will contain what I'm
> assuming is a private IP address (e.g., 172.16.3x.x or 10.0.0.x) but
> the connection is actually coming from your public IP (WAN IP) and
> breaks the connection.
> Thus, your alternatives are: 1) establish a connection from a public
> IP address; 2) use PPTP; 3) use OpenVPN.
AFAIK, whether an IPSEC connection will work or not depends on the
IPSEC Client. If the client supports NAT-T you should be able to
connect. I can connect to IPSEC tunnels on SonicWall and NetGear
firewalls at client sites using the NetGear VPN client (SafeNet
branded product) from behind my v1.11 m0n0wall. I also have two
laptops with the SonicWall VPN client that work fine (but to the
To make this work I had to create an inbound NAT for UDP port 500 to
my PC. I think the SonicWall VPN worked but not the NetGear before I
added this rule.
James W. McKeand
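
Added example, not part of either message above: how a NAT-T capable IKEv1 peer detects that a NAT sits in the path, using the NAT-D hash defined in RFC 3947, HASH(CKY-I | CKY-R | IP | Port). The cookies, addresses and function names are constructed for illustration, and SHA-1 is assumed as the negotiated hash.

```python
import hashlib
import socket
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def build_nat_d(cky_i, cky_r, src, dst):
    """Sender: first payload describes the remote end, second the local end."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, nat_d, seen_src, seen_dst):
    """Receiver: recompute both hashes from the addresses seen on the wire."""
    about_receiver, about_sender = nat_d
    return {
        "receiver_behind_nat": about_receiver != nat_d_hash(cky_i, cky_r, *seen_dst),
        "sender_behind_nat": about_sender != nat_d_hash(cky_i, cky_r, *seen_src),
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT = ("10.0.0.5", 500)          # private address the client believes it has
NAT_PUBLIC = ("203.0.113.7", 1024)  # what the NAT device rewrites the source to
GATEWAY = ("198.51.100.10", 500)

def simulate(client_is_natted):
    """Client sends NAT-D payloads; gateway checks them against the packet."""
    payloads = build_nat_d(CKY_I, CKY_R, src=CLIENT, dst=GATEWAY)
    seen_src = NAT_PUBLIC if client_is_natted else CLIENT
    return detect_nat(CKY_I, CKY_R, payloads, seen_src, GATEWAY)

if __name__ == "__main__":
    print("direct:", simulate(False))
    print("natted:", simulate(True))
```

When either hash mismatches, NAT-T peers move the IKE exchange to UDP port 4500 and wrap ESP in UDP (RFC 3948), so the NAT device only rewrites the outer UDP/IP header.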