[c-nsp] A bit of backup on IPSEC/GRE/NAT
Gert Doering
gert at greenie.muc.de
Mon Nov 6 02:10:25 EST 2006
Hi,
On Sun, Nov 05, 2006 at 09:00:44PM -0500, Tuc at T-B-O-H.NET wrote:
> So, next I re-ip the one on my laptop for it
> to appear to be behind a consumer wireless router.
> I open up and forward ports 500 and 4500 to it. I
> change the configs what I THINK is correct. No work...
> It looks like the IPSec is happy, I see what seems
> like the session being up, but it looks like the GRE
> is having serious issues.
You need to have the consumer router forward IPSEC packets as well
(IP protocol 50) - or enable NAT-Traversal on both sides.
Besides this, things look fine.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list