I'm definitely going to have to try this out as soon as I get a chance.
Here's an idea that I'm going to try first. Set up a packet sniffer on a
configuration that actually works and set up inbound port forwarding for the
correct ports to the specific workstation only. Also make sure all outbound
ports are opened up correctly on the router.
Not the prettiest solution but it just might work ;)
Allen
----- Original Message -----
From: "Curtis Call"
To:
Sent: Thursday, April 12, 2001 10:46 AM
Subject: RE: Passing IPSEC packets on DSL [7:321]
> If the DSL router was maintaining the IPSec tunnel then it would work
fine,
> however, if you have a host computer that has an IPSec connection to a
> remote computer and your router is NATing, then that will break it.
>
> At 07:47 AM 4/12/01, you wrote:
> >Yeah his comment makes me curious as to what these DSL router
> >manufacturers have done to make it work. Surely if someone like netgear
> >can make it work Cisco can.
> >
> >-----Original Message-----
> >From: Circusnuts [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, April 12, 2001 9:08 AM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Passing IPSEC packets on dsl [7:321]
> >
> >Are you sure- my PIX 506 does it with no problem ???
> >
> >----- Original Message -----
> >From: Charles Manafa
> >To:
> >Sent: Thursday, April 12, 2001 8:37 AM
> >Subject: RE: Passing IPSEC packets on dsl [7:321]
> >
> >
> > > VPN does not work when IPSEC packets are NAT'd. One of the reasons why
> >this
> > > doesn't work is that packet authentication will fail when the packet
> >is
> > > NAT'd - the calculated hash will not match after NAT has been applied.
> > >
> > > Charles
> > >
> > > -----Original Message-----
> > > From: Elijah Savage
> > > To: [EMAIL PROTECTED]
> > > Sent: 12/04/01 12:11
> > > Subject: Passing IPSEC packets on dsl [7:321]
> > >
> > > All,
> > >
> > > I purchased a 1605 from eBay for my home lab. I decided to play with
> >it
> > > a bit on my DSL circuit. I am using NAT on this router, and everything
> > > works fine except that now I can't vpn from the inside. Example,
> >trying
> > > to establish a vpn connection from a client on my local network in to
> > > our vpn router at my place of employment. Of course with the netgear
> >dsl
> > > router it passes those ipsec packets. I was wondering if anyone has
> > > tried this before and been able to make this happen.
> > >
> > > Thanks in advance.
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=346&t=321
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
