
On Tue, Oct 14, 2003 at 10:07:45AM -0700, Crist Clark wrote:
Yes, it does work, on a small scale. However, what if your neighbor wants to IPSEC to the same place (say you work at the same place). If both of you are NAT'd from the same IP address trying to IPSEC to the same IP address? I don't believe things will work in this instance.
why not? We use it here, works fine (with certificates for auth).
OK, let's do this one more time. Many-to-one NAT of a many-to-one ESP VPN does not work. (Period)
I'm doing a shortcut here: I didn't want to say I'm using "pure standard IPsec" (2401/2409) here. For me extensions like NAT-T or DPD are part of IPsec too although they are still in the draft state. They just make IPsec more usable as in this case here...

I know the additional encapsulation isn't a nice thing with NAT-T but at least it works :] (don't look at L2TP via IPsec if you don't like additional encapsulations - nevertheless it seems to be the future of Windows-VPNs :( ).

Bye
Stefan

--
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974 DC3F 7A1B CF62 F0D4 D2BA