 From:  "Steve Thomas" <sthomas at consultant dot com>
 To:  "Michael A. Alderete" <lists dash 2003 at alderete dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall settings to allow IPSEC (without NAT)?
 Date:  Tue, 14 Nov 2006 16:32:09 -0500
I have no problem doing either of these:

WinXP/SonicWall Client  <-->  m0n0wall  <--> (internet) <--> Central Office/SonicWall

WinXP/PPTP  <-->  m0n0wall  <--> (internet) <--> Central Office/PIX501



> ----- Original Message -----
> From: "Michael A. Alderete" <lists dash 2003 at alderete dot com>
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] m0n0wall settings to allow IPSEC (without NAT)?
> Date: Tue, 14 Nov 2006 12:09:58 -0800
> 
> 
> It is my understanding from reading the manual and the list archives that
> m0n0wall does not support NAT-Traversal, and so you cannot use VPN software
> through a m0n0wall box.
> 
> That is, this configuration cannot be made to work:
> 
> PowerBook w/  <-->  m0n0wall  <--> (internet) <--> Central Office w/
> Cisco VPN           using                          Cisco VPN
> Client              NAT                            Server
> 192.168.1.3
> 
> 
> What I would like to know is, if I have an open interface on my m0n0wall
> box (a Soekris net4801), what would the configuration be that would let me
> use the Cisco VPN client over that connection? I have an extra IP address
> from my ISP.
> 
> In other words, given an extra routable IP address and a spare interface,
> is it possible to configure m0n0wall to allow VPN connections over that
> interface?
> 
> Thanks!
> 
> Michael
> 
> P.S. Are there any plans to do away with the lack of NAT-Traversal? From my
> reading, it sounds like it would require moving off of FreeBSD 4.x. But as
> security requirements continue to be raised, it seems like it's kind of
> important to allow people to use their work VPN connections.
> --
> 
> _____________________________________________________________
> Michael A. Alderete           <mailto:lists dash 2003 at alderete dot com>
>                                       <http://www.alderete.com>