IPsec from Behind NAT

  • Thread starter: Robert Hanlon

Robert Hanlon

I have two machines in a lab environment. One is on an open LAN and the other
is behind a router/firewall that uses NAT.

I can get the two machines to authenticate to each other or at least that's
the information I'm getting from ipsecmon.

The problem I'm having is that after they appear to negotiate security, I can't
get them to "talk" to each other anymore.
I can no longer ping (or do anything ICMP-related) or map a network share
from the machine behind the NAT.

Any help would be greatly appreciated. Let me know if you need any other
info...
 
With relatively recent NAT standards, you couldn't use IPSEC
thru NAT. This is because IPSEC encrypts the packet and
the NAT server can't alter the packet to do its NAT
function. I know that the NAT standard that Windows 2003
server uses supposedly allows for this by changing the
packets in a different fashion. I have not tried that yet.
I'd imagine that other router manufacturers have or will
come out with versions that would follow this standard.

regards,
jeff
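
An added example, not part of the thread: it goes slightly beyond the reply by modelling one specific conflict, the UDP checksum inside an ESP transport-mode packet, which covers the source address that the NAT rewrites but cannot be corrected by the NAT. The addresses and ports are constructed, and ESP encryption is modelled only as "the NAT leaves the payload untouched".

```python
import socket
import struct

PRIVATE, PUBLIC, PEER = "192.168.1.10", "203.0.113.5", "198.51.100.20"  # constructed

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)

def udp_datagram(src: str, dst: str, sport: int, dport: int, body: bytes) -> bytes:
    """Build a UDP datagram; its checksum covers the IPv4 pseudo-header."""
    length = 8 + len(body)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo_header(src, dst, length) + header + body) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + body

def nat_rewrite(pkt: dict, public_ip: str) -> dict:
    """Source NAT: always rewrites the address, fixes the checksum only if it can."""
    out = dict(pkt, src=public_ip)
    if pkt["proto"] == 17:  # cleartext UDP: header is readable, checksum is recomputed
        sport, dport = struct.unpack("!HH", pkt["payload"][:4])
        out["payload"] = udp_datagram(public_ip, pkt["dst"], sport, dport, pkt["payload"][8:])
    return out  # proto 50 (ESP): payload is opaque to the NAT and left as sent

def receive(pkt: dict) -> bool:
    """Receiver check (after ESP decryption, modelled as a no-op): verify UDP checksum."""
    data = pseudo_header(pkt["src"], pkt["dst"], len(pkt["payload"])) + pkt["payload"]
    return inet_checksum(data) == 0

def demo() -> tuple:
    inner = udp_datagram(PRIVATE, PEER, 4000, 5000, b"hello")
    clear = nat_rewrite({"src": PRIVATE, "dst": PEER, "proto": 17, "payload": inner}, PUBLIC)
    esp = nat_rewrite({"src": PRIVATE, "dst": PEER, "proto": 50, "payload": inner}, PUBLIC)
    return receive(clear), receive(esp)

if __name__ == "__main__":
    clear_ok, esp_ok = demo()
    print(f"cleartext UDP after NAT: checksum ok = {clear_ok}")
    print(f"ESP transport after NAT: checksum ok = {esp_ok}")
```

NAT traversal (RFC 3947/3948) addresses this by wrapping ESP in UDP port 4500 and having the peers exchange their original addresses during IKE.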
 