(NAT-T RFC-3715, RFC-3947 and RFC-3948)
Since m0n0wall 1.3b2 supports NAT-T, I would like to know what
successes / failures users have experienced. Some questions I have:
1) Compatibility with "IPSec Passthrough". A Juniper Netscreen tech
note states "Make sure IPSec Passthrough is disabled on the Linksys
router. IPSec Passthrough will break NAT Traversal functionality."
Is this true?
2) Does the auto-negotiation ('enable') reliably work, or is
forcing NAT-T on ('force') or 'off' usually required?
3) Is the extra overhead noticeable enough to motivate users to not
use NAT-T if it is not required?
4) Does the IPSec host endpoint address behind the NAT need to match
the actual private address, or can any endpoint address be used as
Hopefully we can generate a good discussion for the archives.
Thanks in advance.