On Thu, 15 Aug 2002, GnatBox User wrote:

> David,
>
> We do this all the time. We connect to a Nortel Extranet switch via VPN with
> the Nortel Networks Extranet Client Access program Ver. V02_62.33 through
> our GB-1000 which is NATing all our traffic.
>
> All it requires is that you allow UDP port 500 for IKE and then ESP protocol
> (protocol 50) outbound. These are the two components of IPSEC.
>
> The person at the company you are working with may be thinking of
> Microsoft's implementation of NAT which does not preserve the source port
> and therefore breaks IPSEC.

maybe. possibly they were thinking of IPSEC with AH, which can't be made to work with NAT either...
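
The AH point in the reply above, as an added example that is not part of the original thread: a simplified model in which AH's integrity check value (ICV) covers the IP header, source address included, while ESP's covers only the ESP packet. The key, addresses, SPI and payload are constructed sample values, and the AH header's own fields are left out of the ICV input for brevity.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not from the thread
FMT = "!BBHHHBBH4s4s"           # fixed 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, body_len, ttl=64):
    return struct.pack(FMT, 0x45, 0, 20 + body_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def forward(hdr, nat_src=None):
    """One hop: decrement TTL; a NAT hop also rewrites the source address."""
    f = list(struct.unpack(FMT, hdr))
    f[5] -= 1
    if nat_src:
        f[8] = socket.inet_aton(nat_src)
    return struct.pack(FMT, *f)

def icv(proto, hdr, body, key=KEY):
    """HMAC-SHA1-96 over the bytes each protocol authenticates (simplified)."""
    if proto == "AH":
        # AH covers the IP header with mutable fields zeroed (TOS, flags and
        # fragment offset, TTL, checksum); the addresses stay in.
        f = list(struct.unpack(FMT, hdr))
        f[1] = f[4] = f[5] = f[7] = 0
        covered = struct.pack(FMT, *f) + body
    else:
        # ESP covers only its own header and payload, not the outer IP header.
        covered = body
    return hmac.new(key, covered, hashlib.sha1).digest()[:12]

def verifies_after(proto, nat_src=None):
    """Sender computes the ICV, the path modifies the header, receiver checks."""
    body = struct.pack("!II", 0x1001, 1) + b"constructed payload"  # SPI, seq
    sent = ipv4_header("192.168.1.10", "203.0.113.5",
                       51 if proto == "AH" else 50, len(body))
    received = forward(sent, nat_src)
    return hmac.compare_digest(icv(proto, sent, body), icv(proto, received, body))

if __name__ == "__main__":
    for proto in ("AH", "ESP"):
        print(proto, "routed:", verifies_after(proto),
              "NATed:", verifies_after(proto, "198.51.100.7"))
```

A plain routed hop only changes fields AH treats as mutable, so the AH check still passes there; the address rewrite is what makes it fail.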
