Date:      Sat, 15 Nov 2003 10:24:09 -0800
From:      "Crist J. Clark" <>
To:        "Oldach, Helge" <>
Subject:   Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote:
> From: Crist J. Clark []
> > On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote:
> > > Nothing that works well and has noticeable exposure is useless. This
> > > definitely has both. Not with FreeBSD, though. It does work with Windows
> > > 2000 SP4, to put a name up... So it's definitely out there.
> > 
> > Two different ESP end points behind many-to-one NAT connected to a
> > single ESP end point on the other side of the NAT? I'd be very curious
> > to get the documentation on how they are cheating to get that to work.
> You have posted a reference already. W2k SP4 supports UDP encapsulation of
> IPSec. And yes, it works fine, and reliably. Further, all of Cisco's and
> Checkpoint's VPN gear support IPSec-over-UDP as well. This alone is >70%
> market share.

Oh, yeah, I know of UDP or TCP encapsulation tricks that work. I have
dealt with several of these implementations too. I thought that you
were implying that there were working NAT implementations that could
deal with ESP in these circumstances.

Crist J. Clark
