 From:  "Michael A. Alderete" <lists dash 2003 at alderete dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall settings to allow IPSEC (without NAT)?
 Date:  Tue, 14 Nov 2006 12:09:58 -0800

It is my understanding from reading the manual and the list archives that
m0n0wall does not support NAT-Traversal, and so you cannot use VPN software
through a m0n0wall box.

That is, this configuration cannot be made to work:

PowerBook w/  <-->  m0n0wall  <--> (internet) <--> Central Office w/
Cisco VPN           using                          Cisco VPN
Client              NAT                            Server

What I would like to know is, if I have an open interface on my m0n0wall
box (a Soekris net4801), what would the configuration be that would let me
use the Cisco VPN client over that connection? I have an extra IP address
from my ISP.

In other words, given an extra routable IP address and a spare interface,
is it possible to configure m0n0wall to allow VPN connections over that



P.S. Are there any plans to do away with the lack of NAT-Traversal? From my
reading, it sounds like it would require moving off of FreeBSD 4.x. But as
security requirements continue to be raised, it seems like it's kind of
important to allow people to use their work VPN connections.

Michael A. Alderete           <mailto:lists dash 2003 at alderete dot com>