[Openswan Users] Problem with a client behind a double NAT

Paul Wouters paul at xelerance.com
Mon Mar 29 15:03:46 EDT 2010

On Mon, 29 Mar 2010, alet at librelogiciel.com wrote:

> One of our clients has a particular setup :
> PCs <-> NAT Box <-> NAT Box <-> ISP <-> Internet <-> Our VPN
>           #1          #2
> His DSL modem/router/NAT box (#2) is the property of his ISP, and only
> his ISP can access to it and manage it to change its configuration, a
> boring process... This box also does IP phone and TV.
> I know he has asked his ISP to have their own NAT box forward all
> packets to his own box, behind which some PCs are servers, and so he can
> modify the configuration easily, but can such a setup work at all ?
> Currently only the ISAKMP SA can be established. Is there something to
> take care of or to ask his to ISP wrt the configuration of #2 ?

It should work, provided there are no IP clases (his NAT range lives
at your server end too)

We'd have to look at logs to tell you more.


More information about the Users mailing list