[c-nsp] A bit of backup on IPSEC/GRE/NAT

Gert Doering gert at greenie.muc.de
Mon Nov 6 02:10:25 EST 2006


On Sun, Nov 05, 2006 at 09:00:44PM -0500, Tuc at T-B-O-H.NET wrote:
> 	So, next I re-ip the one on my laptop for it
> to appear to be behind a consumer wireless router.
> I open up and forward ports 500 and 4500 to it. I
> change the configs what I THINK is correct.  No work... 
> It looks like the IPSec is happy, I see what seems 
> like the session being up, but it looks like the GRE 
> is having serious issues. 

You need to have the consumer router forward IPSEC packets as well 
(IP protocol 50) - or enable NAT-Traversal on both sides.

Besides this, things look fine.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list