[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Aug 11, 2002 at 05:40:15PM +0200, Jens Hafner wrote:
> directly connected to the Internet (e.g. by a dialup connection). Things
> start to break as soon as I connect the laptop to my private network
> ( whose default gateway is a debian (woody, kernel
> 2.2.19) box. I configured the gateway to accept protocol 50 packages and
> port 500 connections in the following way:

IPsec can not pass through a NAT gateway.  If you think about it, it's
pretty easy to see why:  Part of what IPsec guarantees is that the
packets arrive at their destination with their headers in an unmodified
state.  Part of what NAT does is modify the packet headers.  That's a
fundamental conflict.

There isn't anything you can do on the Linux end to allow your Win2k
system to be able to traverse a NAT gateway.  There are proposed
extensions to IPsec that are intended to allow it to traverse NAT
gateways, but Win2k probably doesn't support them out of the box.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpwSuA7U306q.pgp
Description: PGP signature

Reply to: