Re: [m0n0wall] m0n0wall settings to allow IPSEC (without NAT)?

From:	Lee Sharp <leesharp at hal dash pc dot org>
To:	"Michael A. Alderete" <lists dash 2003 at alderete dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] m0n0wall settings to allow IPSEC (without NAT)?
Date:	Tue, 14 Nov 2006 15:28:32 -0600

On Tue, 2006-11-14 at 12:09 -0800, Michael A. Alderete wrote:
> It is my understanding from reading the manual and the list archives that
> m0n0wall does not support NAT-Traversal, and so you cannot use VPN software
> through a m0n0wall box.
> 
> That is, this configuration cannot be made to work:
> 
> PowerBook w/  <-->  m0n0wall  <--> (internet) <--> Central Office w/
> Cisco VPN           using                          Cisco VPN
> Client              NAT                            Server
> 192.168.1.3

This configuration works fine.  The problem comes in when you fire up
that second toshiba laptop from the office and try to VPN in as well.
The office sees your IP already connected, and it fails.  NAT-T allows
you to have more that one system connect to the office.