On Tue, Feb 06, 2007 at 09:42:12PM -0800, Brian Neu wrote:
> OK, umm, tried NAT-T -- no good. It might be the Linksys clients,
> but they seem to support NAT-T in the documentation.

For what it's worth, it's not just you - having trouble persuading third party ipsec clients to work with NAT is normal. Some of them just don't, some of them will only do it if you do things to them that aren't documented.

(I am very happy that I no longer have to deal with ipsec in any form)

> I'm going to give installing on the firewall a shot, but that mucks
> up my architecture badly between owners of equipment in this data
> center.

The 'right' workaround is to get another internet-routable IP address assigned for the VPN server. Then you can keep it behind the firewall, just don't NAT any of the ipsec traffic. My understanding is that this is the approach taken by most people running large ipsec deployments, because trying to get NAT to work reliably is such a pain.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
