Cisco VPN (Advanced users please)

comsolve, Aug 28, 2:47am
Cisco VPN (Advanced users please) I want to setup an IPSec VPN connection with Cisco equipment. Is it true that NAT screws IPSec? One end will be NAT (client/originator end) and the other direct connection (server/terminator end).

gordon.smith, Aug 30, 6:57am
NAT breaks VPN's because of the address translation - the hash of the packet won't be what the other side expects to see, so it drops the packet(that's a simplified version, but gives you the general idea)
Why do you want to NAT a VPN?


comsolve, Aug 30, 2:07pm
because the connection that I am using here in Australia is a NAT/DynIP connectionspew...

gordon.smith, Aug 30, 7:42pm
Pick an adress range (rfc1918) that doesn't clash with the far end, and add a static route at each end to route down the tunnel. If you're tunneling to something like a Netscreen, you can run a client app that allows tunneling across a nat connection from the pc.

Share this thread

Buy me a coffee :)Buy me a coffee :)