On Fri, Jul 28, 2006 at 09:29:59AM -0700, jeraklo wrote: > Regarding NAT-T, does it have to be enabled both in > clients and the VPN server ? If yes and if we're > talking about windows clients - does it come bundled > with some external IPsec client or does it have to be > enabled in the windows itself ? (yes I know I can > possibly find this info on the internet, but if you > already know ...).
Yes, both sides must support NAT-T for it to work. AFAIK, most competent clients have this; even the built-in Windows client tries to do it [1]. Joachim [1] Though, in the case I described, it failed miserably. Probably the IP implementation failed, and not IPsec proper, but still...