[c-nsp] IPSEC behind NAT device problem
Peter Rathlev
prb at sks.aaa.dk
Thu Oct 18 14:53:29 EDT 2007
"J. Oquendo" <sil at infiltrated.net> 10/18/07 7:40 PM GMT+2:
> nonrandomseq is your friend
Last time I checked the "norandomseq" was something you applied to a
nat/static statement to prevent the PIX/ASA from manipulating TCP
sequence numbers when translating connections traversing the
firewall. In this case, we're talking ESP, not TCP. And the
connection is terminated on the firewall itself, not traversing the
firewall.
But friends are always welcome. :-)
Regards,
Peter Rathlev
More information about the cisco-nsp
mailing list