[Openswan Users] NAT-T & IPSec passthrough

Trevor Benson tbenson at a-1networks.com
Sun May 23 17:11:09 CEST 2004


   Is it correct that you cannot use nat_traversal=yes on both sides of
openswan connections, and connect a roadwarrior from behind one of the
openswans to the other?  Only if nat_traversal=off is ipsec passthrough
enabled, and then you can be behind that firewall, and connect to
another?

   So in essence you must assume which firewall will need passthrough,
and which will need nat_traversal prior to connecting? Is this only for
connecting to another openswan with nat_traversal? 

   I have always been able to connect to Cisco PIX's and routers with
ipsec VPN's without worrying about setting nat_traversal=no in
ipsec.conf on the openswan device, so I assume this is just to other
openswans?  Any help straightening this out is appreciated.

Thanks for any info,
Trevor Benson



More information about the Users mailing list