[ previous ] [ next ] [ threads ]
 
 From:  Lonnie Abelbeck <abelbeck at abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0wall settings to allow IPSEC (without NAT)?
 Date:  Tue, 14 Nov 2006 16:16:45 -0600
While we are on this subject...

Is it true that NAT-T and a local router set for "VPN Pass- 
through" (either IPSec or PPTP) do not work together?  They are  
mutually exclusive?

If so, then when accessing your local m0n0wall VPN endpoint via a  
public WiFi, NAT-T will probably not work since most public access  
routers are set for "VPN pass-through". (... assuming at a future  
time when NAT-T is supported in m0n0wall)

Or, am I totally confused?

Lonnie


On Nov 14, 2006, at 3:28 PM, Lee Sharp wrote:

> On Tue, 2006-11-14 at 12:09 -0800, Michael A. Alderete wrote:
>> It is my understanding from reading the manual and the list  
>> archives that
>> m0n0wall does not support NAT-Traversal, and so you cannot use VPN  
>> software
>> through a m0n0wall box.
>>
>> That is, this configuration cannot be made to work:
>>
>> PowerBook w/  <-->  m0n0wall  <--> (internet) <--> Central Office w/
>> Cisco VPN           using                          Cisco VPN
>> Client              NAT                            Server
>> 192.168.1.3
>
> This configuration works fine.  The problem comes in when you fire up
> that second toshiba laptop from the office and try to VPN in as well.
> The office sees your IP already connected, and it fails.  NAT-T allows
> you to have more that one system connect to the office.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>