North American Network Operators Group

Re: Block all servers?
On Tue, Oct 14, 2003 at 10:07:45AM -0700, Crist Clark wrote:
> > > Yes, it does work, on a small scale. However what if your neighbor
> > > wants to IPSEC to the same place (say you work at the same place).
> > > If both of you are NAT'd from the same IP address trying to IPSEC
> > > to the same IP address? I don't believe things will work in this
> > > instance.
> >
> > why not? We use it here, works fine (with certificates for auth).
>
> OK, let's do this one more time. Many-to-one NAT of a many-to-one ESP VPN
> does not work. (Period)

I'm doing a shortcut here: I didn't want to say I'm using "pure
standard IPsec" (2401/2409) here. For me extensions like NAT-T or
DPD are part of IPsec too, although they are still in the draft state.
They just make IPsec more usable, as in this case here...
I know the additional encapsulation isn't a nice thing with NAT-T
but at least it works :] (don't look at L2TP via IPsec if you don't
like additional encapsulations - nevertheless it seems to be the
future of Windows-VPNs :( ).

Bye
Stefan
--
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974 DC3F 7A1B CF62 F0D4 D2BA
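The disagreement in this message comes down to what a port-translating NAT can key its return traffic on. The toy model below is an added illustration, not code from the thread or from any NAT product: two inside hosts sending native ESP to one gateway end up on the same binding, while UDP-encapsulated ESP (NAT-T) gets a distinct public port per host. The `Napt` class, the addresses and the use of UDP port 4500 are assumptions of the example; real NAT devices may apply further heuristics.

```python
ESP, UDP = 50, 17      # IP protocol numbers
NAT_T_PORT = 4500      # assumed here: UDP port for NAT-T encapsulated ESP (RFC 3948)

class Napt:
    """Toy many-to-one NAT: all inside hosts share one public address."""

    def __init__(self):
        self.next_port = 40000
        self.bindings = {}   # inbound lookup key -> set of inside endpoints

    def outbound(self, proto, inside_ip, remote_ip, sport=None, dport=None):
        """Record a binding for an outgoing packet; return the inbound key."""
        if proto == ESP:
            # ESP has no port field to rewrite, so a reply can only be
            # matched on (protocol, remote address).
            key, endpoint = (ESP, remote_ip), inside_ip
        else:
            endpoint = (inside_ip, sport)
            # Reuse the public port already allocated to a known flow.
            for k, eps in self.bindings.items():
                if k[0] == UDP and k[2:] == (remote_ip, dport) and endpoint in eps:
                    return k
            key = (UDP, self.next_port, remote_ip, dport)
            self.next_port += 1
        self.bindings.setdefault(key, set()).add(endpoint)
        return key

    def inbound(self, key):
        """Return the inside endpoint for a reply, or None if ambiguous/unknown."""
        candidates = self.bindings.get(key, set())
        return next(iter(candidates)) if len(candidates) == 1 else None


def demo():
    gw = "203.0.113.10"                    # constructed VPN gateway address
    a, b = "192.168.1.10", "192.168.1.11"  # constructed inside hosts

    plain = Napt()                         # native ESP through the NAT
    k_a = plain.outbound(ESP, a, gw)
    k_b = plain.outbound(ESP, b, gw)

    natt = Napt()                          # ESP wrapped in UDP (NAT-T)
    u_a = natt.outbound(UDP, a, gw, NAT_T_PORT, NAT_T_PORT)
    u_b = natt.outbound(UDP, b, gw, NAT_T_PORT, NAT_T_PORT)
    return k_a == k_b, plain.inbound(k_a), natt.inbound(u_a), natt.inbound(u_b)


if __name__ == "__main__":
    print(demo())
```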