Re: [m0n0wall] nat-t and ipsec limitations

From:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] nat-t and ipsec limitations
Date:	Thu, 5 Jan 2006 22:01:37 -0500

On 1/3/06, Jeff Buehler <jeff at buehlertech dot com> wrote:
> Hi all -
>
> I am a little confused about the specific limitations of ipsec tunnels
> in m0n0wall based on the lack of nat-t support in the Freebsd kernel.
> What I need to do is create an ipsec tunnel between two m0n0wall's, and
> then have client workstations(which are NAT'd) behind the first access a
> NAT'd Exchange Server 2003 system behind the other. Will I have problems
> with this,
>

No.  This doesn't affect site to site IPsec, only IPsec VPN client
machines that are behind NAT.  Like a road warrior scenario with a
laptop connecting back to m0n0wall for remote access.

-Chris