[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC and NAT-T
 Date:  Thu, 9 Mar 2006 17:47:57 -0500
On 3/9/06, Nicolai Scheer <scope at planetavent dot de> wrote:
> I am at home behind my m0n0wall. I connect to my firm's draytek router
> (some 2900...) daily via ipsec vpn... and it works well...
> According to what you said, this should not work, since m0n0wall can't
> do nat-t...

NAT-T applies to the device that terminates the IPsec connections.  In
this case, the Draytek must support NAT-T, or what you describe
wouldn't work.  If you replace the Draytek with a m0n0wall, that same
setup wouldn't work.

When the client is behind NAT, the terminating device has to support
NAT-T (and have it enabled).