On Wed, Feb 27, 2002 at 01:47:04PM -0500, Matthew Galgoci wrote:
:
: Does your client support tunneling ipsec over udp? You need this in order to
: be able to pass through nat.
Actually, you don't. It just makes it possible to have multiple clients
behind a masq gateway. AH doesn't NAT, ESP can go through NAT. 99.999999%
of all IPSec client implementations are ESP. The problem is when a NAT
device/firewall mangles the source port on IKE packets, which are both
src/dst udp/500.
--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
