[Openswan Users] NAT not needed on both sides
jacco2 at dds.nl
Tue Apr 6 23:36:17 CEST 2004
On Tue, Apr 06, 2004 at 08:34:18PM +0200, Marcel J.E. Mol wrote:
> In my case A is the ipsec 'server' receiving the connections.
> Host B are the roadwarriors initation the connections.
> So does this mean B does not need special support for nat-t?
If you are using nat_traversal=no and it works anyway, you are
using a feature of your NAT device called IPsec passthrough.
These are mutually exclusive, so should you want to use NAT-T
after all, you must disable IPsec passthrough.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users