[Openswan Users] NAT not needed on both sides

jacco2 jacco2 at dds.nl
Tue Apr 6 23:36:17 CEST 2004

On Tue, Apr 06, 2004 at 08:34:18PM +0200, Marcel J.E. Mol wrote:
> In my case A is the ipsec 'server' receiving the connections.
> Host B are the roadwarriors initation the connections.
> So does this mean B does not need special support for nat-t?

If you are using nat_traversal=no and it works anyway, you are 
using a feature of your NAT device called IPsec passthrough.
These are mutually exclusive, so should you want to use NAT-T
after all, you must disable IPsec passthrough.

Jacco de Leeuw            mailto:jacco2 at dds.nl
Zaandam, The Netherlands  http://www.jacco2.dds.nl

More information about the Users mailing list