Cisco will NAT-T with any standard device. I have a IOS box acting as VPN concentrator for remote linux boxes using OpenSwan. They all does NAT-T. At the Cisco, you will have to configure dynamic cryptomaps instead of tradionally static ones. Also, the concentrator will not be able to start the IPSec connections if there is no static/forward NAT at the remote site to forward packets to your box. If this is no problem for you, a nat hide will be all that you need.
On 2/9/07, André L. <[EMAIL PROTECTED]> wrote:
OK. We do just some NAT on the border device (IOS_router) and open the needed ports udp/500 (IKE), ESP and udp/4500 (NAT-T). Without NAT-T (in case of Cisco on the remote site) no tunnel can be established. Right? -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
