From: [EMAIL PROTECTED]

> > You *will* require the 'access network' to pass ESP,
> > 500/UDP (IKE), and
> > 4500/UDP (IPsec NAT-T), of course.
> >
>
> Regarding NAT-T, does it have to be enabled both in
> clients and the VPN server? If yes and if we're
> talking about Windows clients - does it come bundled
> with some external IPsec client or does it have to be
> enabled in Windows itself? (yes I know I can
> possibly find this info on the internet, but if you
> already know ...).

Windows' native IPsec capabilities leave a lot to be desired. Like Cisco, they've landed on L2TP + IPsec and make too many assumptions in their implementation, IMHO. It can be made to work, by some bending of the Gods' will, but I have never had the patience to go that far with it.

I'd say you'll have better luck on Windows using a more standard client implementation such as TheGreenBow or similar. http://www.allard.nu/openbsd/ has some information along these lines.

That said, IPsec is an overengineered terror compared to some other tunneling solutions, such as OpenVPN or OpenSSH's tunnel support. For my simple home use, road warrior configuration I tinkered with a Windows system and IPsec for a couple of days and broke down and went OpenVPN. YMMV.

DS

