[Openswan Users]

Brian Candler B.Candler at pobox.com
Sun May 14 21:25:15 CEST 2006


On Sun, May 14, 2006 at 05:35:11PM +0200, Paul Wouters wrote:
> It is likely Microsoft
> and Cisco have done this. I am not sure about OSX. I'm pretty sure no open
> source software has fixed this before us.

>From testing eval units, I've found that the following commercial products
support multiple Microsoft L2TP/IPSEC clients sitting behind the same NAT
firewall:

* Cisco IOS (not old versions, must have "set nat demux" feature)
* Juniper ERX

But the Juniper Netscreen doesn't. (The netscreen also doesn't support PSK
from dynamic IP addresses, so forces you to use certificates. The others
allow either)

Regards,

Brian.


More information about the Users mailing list