Subject: Re: racoon (ipsec) and NAT
To: None <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 07/04/2002 18:41:07

> unfortunately, even with the above setup it doesn't work. it is just
> impossible for IPsec to work with NAT, *by nature*. for instance,
> NAT needs to rewrite packet content for FTP and other traffic,
> however IPsec ESP is designed to make it impossible to look at the
> content by encryption.

The easy way to do IPsec via a NAT is to use v6 addresses at both ends
and tunnel v6. Simple, clean, practical, and it even works with most
OSes including Windows.

Perry E. Metzger email@example.com
"Ask not what your country can force other people to do for you..."