Re: [m0n0wall] IPsec Client behind NAT

From:	"Aaron Cherman" <aaronc at morad dot ab dot ca>
To:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] IPsec Client behind NAT
Date:	Wed, 25 Apr 2007 19:37:47 -0600

>> I'm running 1.3b1 with nothing special other than outbound NAT enabled, 
>> and a number of VLANs.
>>
>> I gave a customer that is trying to connect to an IPsec server behind our 
>> NAT.  If I set him up to use one of our 1:1 public IPs everything works 
>> fine.  If I set him up behind our NAT (10.61/16) it will not connect.
>>
>> I know about the limitations of m0n0wall and NAT-T.
>
> Which don't exist as of one of the 1.3 versions. Maybe not until 1.3b2
> though. Regardless, that only comes into play when m0n0wall is the
> IPsec endpoint.
>
> If you disable source port re-mapping (see advanced outbound NAT) it
> may fix it.

I did try that but it did not help.  I also tried allowing all traffic in on 
the WAN interface destined for the public IP he is routed.

Thanks for your help.


Aaron