|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Block all servers?
On Tue, Oct 14, 2003 at 10:07:45AM -0700, Crist Clark wrote:
> > > Yes, it does work, on a small scale. However what if your neighbor
> > > wants to IPSEC to the same place (say you work at the same place).
> > > If both of you are NAT'd from the same IP address trying to IPSEC
> > > to the same IP address? I don't believe things will work in this
> > > instance.
> >
> > why not? We use it here, works fine (with certificates for auth).
>
> OK, let's do this one more time. Many-to-one NAT of a many-to-one ESP VPN
> does not work. (Period)
I'm doing a shortcut here: I didn't want to say I'm using "pure standard
IPsec" (2401/2409) here. For me extensions like NAT-T or DPD are part
of IPsec too although they are still in the draft state. They just
make IPsec more usable as in this case here...
I know the additional encapsulation isn't a nice thing with NAT-T
but at least it works :] (don't look at L2TP via IPsec if you
don't like additional encapsulations - nevertheless it seems to
be the future of Windows-VPNs :( ).
tschuess
Stefan
--
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974 DC3F 7A1B CF62 F0D4 D2BA
Attachment:
pgp00019.pgp
|