[c-nsp] A bit of backup on IPSEC/GRE/NAT

Gert Doering gert at greenie.muc.de
Mon Nov 6 02:10:25 EST 2006


Hi,

On Sun, Nov 05, 2006 at 09:00:44PM -0500, Tuc at T-B-O-H.NET wrote:
> 	So, next I re-ip the one on my laptop for it
> to appear to be behind a consumer wireless router.
> I open up and forward ports 500 and 4500 to it. I
> change the configs what I THINK is correct.  No work... 
> It looks like the IPSec is happy, I see what seems 
> like the session being up, but it looks like the GRE 
> is having serious issues. 

You need to have the consumer router forward IPSEC packets as well 
(IP protocol 50) - or enable NAT-Traversal on both sides.

Besides this, things look fine.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de


More information about the cisco-nsp mailing list