Subject: Re: racoon (ipsec) and NAT
To: Pierre Bourgin <>
From: None <>
List: tech-net
Date: 07/05/2002 06:14:12
>My explanations anyway were not enough understandable I think. I don't have
>a "random" NAT system in-between the two tunnel sides: the NAT system has a
>reserved (fixed) IP adress to do the mapping between this internal IP
>address and the public one, and does nothing else with these "reserved"  

	unfortunately, even with the above setup it doesn't work.  it is just
	impossible for IPsec to work with NAT, *by nature*.  for instance,
	NAT needs to rewrite packet content for FTP and other traffic,
	however IPsec ESP is designed to make it impossible to look at the
	content by encryption.