[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPsec Client behind NAT
 Date:  Wed, 25 Apr 2007 20:02:40 -0400
On 4/25/07, Aaron Cherman <aaronc at morad dot ab dot ca> wrote:
> I'm running 1.3b1 with nothing special other than outbound NAT enabled, and a number of VLANs.
> I gave a customer that is trying to connect to an IPsec server behind our NAT.  If I set him up to
use one of our 1:1 public IPs everything works fine.  If I set him up behind our NAT (10.61/16) it
will not connect.
> I know about the limitations of m0n0wall and NAT-T.

Which don't exist as of one of the 1.3 versions. Maybe not until 1.3b2
though. Regardless, that only comes into play when m0n0wall is the
IPsec endpoint.

If you disable source port re-mapping (see advanced outbound NAT) it
may fix it.