Re: [m0n0wall] Using IPsec behind two NATing modems

From:	Pauline Middelink <middelink at polyware dot nl>
To:	=?iso-8859-1?Q?G=FCnther?= Starnberger <Guenther dot Starnberger at cs dot or dot at>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Using IPsec behind two NATing modems
Date:	Mon, 28 Jun 2004 21:02:44 +0200

On Mon, 28 Jun 2004 around 08:14:00 +0200, Günther Starnberger wrote:
> Hi all,
> 
> Is it possible to create an IPsec tunnel with m0n0wall , when both
> m0n0wall boxes are behind modems which do NATing?I'm able to set
> portforwardings on the modems and the default SOA host which receives
> all packets which don't belong to any NATed connection.

Yes, you can. The only problem I have found with such setup is that
the session table inside the modems tends to time-out before the
VPN rekeys. This means on low traffic links (like at night?) the
VPN becomes very unrealiable if not kept alive.

Hint, another reason to have keep alive in VPN links active!!

    Met vriendelijke groet,
        Pauline Middelink
-- 
GPG Key fingerprint = 2D5B 87A7 DDA6 0378 5DEA  BD3B 9A50 B416 E2D0 C3C2
For more details look at my website http://www.polyware.nl/~middelink