Hello Edwin;

Generally speaking IPSEC passthru means that if you initiate the IKE
connection on UDP/500 outbound then the inbound connection will be sent
back to your "internal" IP by the proxy/firewall, and thereafter the
IP/50 (ESP) traffic then can return to your PC and a tunnel built.  This
is a common feature of the Linksys firewall (and other) products.

This approach is really terrific if you are ONLY ONE user behind such a
device that supports NAT.

However, if you have multiple devices on the inside of that
proxy/firewall then your HOST VPN target device (Cisco PIX, Cisco VPN
3000 series or other VPN concentrator) must enable NAT traversal so the
client software can build the IPSEC session over UDP instead of IP/50.

So the clue is:  If you have a NAT device to the Internet and you have
multiple users needing to VPN outbound, use isakmp nat-traversal (ok, so
that is a Ciscoism) on the host PIX.


Chris Johnston
714-306-5746
949-653-8819 (fax)

             Cannot find REALITY.SYS. Universe halted.
-------------------------------------------------------------------


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Edwin Humphries
Sent: Sunday, July 20, 2003 8:52 PM
To: [EMAIL PROTECTED]
Subject: VPN


Can anyone tell me (briefly please) the difference between IPSec pass
through and NAT traversal?

Do RedHat 7.2 or later support them? Note: the RedHat box is a router,
and is not running any VPN servers or clients.

Edwin Humphries,
Ironstone Technology Pty Ltd
[EMAIL PROTECTED]
www.ironstone.com.au
Phone: 02 4233 2285
Fax: 02 4233 2299
Mobile: 0419 233 051


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
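
Added example, not part of the original e-mail: a toy Python model of a NAT device showing why IPsec passthrough serves only one inside client per VPN peer, while ESP carried over UDP (NAT traversal) serves several. The `NatRouter` class, the addresses, the "last initiator wins" rule and UDP port 4500 (from RFC 3948) are assumptions, not taken from the post.

```python
ESP, UDP = 50, 17  # IP protocol numbers

class NatRouter:
    """Toy model of a NAT device with IPsec passthrough (constructed, not vendor code)."""
    def __init__(self):
        self.udp_map = {}    # public UDP port -> (inside_ip, inside_port)
        self.esp_peer = {}   # remote peer -> inside_ip; ESP has no ports to key on
        self.next_port = 40000

    def outbound(self, proto, inside_ip, peer, sport=None, dport=None):
        """Translate an outbound packet; return the public source port (None for ESP)."""
        if proto == UDP and dport == 500:
            # Passthrough: IKE to this peer marks inside_ip as owner of its ESP.
            # Assumption: the most recent initiator replaces any earlier one.
            self.esp_peer[peer] = inside_ip
        if proto == UDP:
            public = self.next_port
            self.next_port += 1
            self.udp_map[public] = (inside_ip, sport)
            return public
        return None

    def inbound(self, proto, peer, dport=None):
        """Return the inside host that receives an inbound packet, or None."""
        if proto == UDP:
            return self.udp_map.get(dport, (None, None))[0]
        return self.esp_peer.get(peer)

def simulate(nat_traversal, clients=("192.168.1.10", "192.168.1.11"), peer="203.0.113.1"):
    """Map each client to the inside host that actually receives its tunnel replies."""
    nat, data_port = NatRouter(), {}
    for c in clients:
        nat.outbound(UDP, c, peer, sport=500, dport=500)  # IKE negotiation
        if nat_traversal:
            # ESP wrapped in UDP (port 4500 per RFC 3948; the post does not name it)
            data_port[c] = nat.outbound(UDP, c, peer, sport=4500, dport=4500)
        else:
            nat.outbound(ESP, c, peer)                     # raw IP/50
    return {c: nat.inbound(UDP, peer, data_port[c]) if nat_traversal
               else nat.inbound(ESP, peer) for c in clients}
```

With `nat_traversal=False` and two clients, both clients' ESP replies land on the same inside host; with `nat_traversal=True` each client receives its own.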

