Subject: Re: racoon (ipsec) and NAT
To: None <itojun@iijlab.net>
From: Perry E. Metzger <perry@piermont.com>
List: tech-net
Date: 07/04/2002 18:41:07

itojun@iijlab.net writes:
> 	unfortunately, even with the above setup it doesn't work.  it is just
> 	impossible for IPsec to work with NAT, *by nature*.  for instance,
> 	NAT needs to rewrite packet content for FTP and other traffic,
> 	however IPsec ESP is designed to make it impossible to look at the
> 	content by encryption.

The easy way to do IPSec via a NAT is to use v6 addresses at both ends
and tunnel v6. Simple, clean, practical, and it even works with most
OSes including Windows.

-- 
Perry E. Metzger		perry@piermont.com
--
"Ask not what your country can force other people to do for you..."