On 3/9/06, Nicolai Scheer <scope at planetavent dot de> wrote:
> I am at home behind my m0n0wall. I connect to my firm's draytek router
> (some 2900...) daily via ipsec vpn... and it works well...
> According to what you said, this should not work, since m0n0wall can't
> do nat-t...
NAT-T applies to the device that terminates the IPsec connections. In
this case, the Draytek must support NAT-T, or what you describe
wouldn't work. If you replace the Draytek with a m0n0wall, that same
setup wouldn't work.
When the client is behind NAT, the terminating device has to support
NAT-T (and have it enabled).