[ previous ] [ next ] [ threads ]
 
 From:  Nicolai Scheer <scope at planetavent dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and NAT-T
 Date:  Thu, 09 Mar 2006 23:37:35 +0100
Hi!

Simon Buob schrieb:

[...]
> NO possible cause both Routers MUST support NAT-T - M0n0 doesn not.
> in other words. The Problem is not if the VPN Endpoint is on m0n0 or
> a host behind it. If there is at least one NAT Device both endpoints must
> support NAT-T.

Oh...
I don't know if I got this completely wrong... but:

home - m0n0wall - internet - draytek vpn router

I am at home behind my m0n0wall. I connect to my firm's draytek router
(some 2900...) daily via ipsec vpn... and it works well...

According to what you said, this should not work, since m0n0wall can't
do nat-t...

What's the point there?

And I do not understand, why m0n0wall will manipulate the packets... If
m0n0wall got a public WAN ip and acts as a vpn endpoint, it isn't
neccesary to do any nat there, is it?


Somehow still confused...

thanks for help!

bye,

Nico
signature.asc (0.8 KB, application/pgp-signature)