[c-nsp] *** GMX Spamverdacht *** RE: IPSEC over NAT - what am I missing?
Garry
gkg at gmx.de
Sat Jan 26 14:47:19 EST 2013
On 25.01.2013 18:15, Antonio Soares wrote:
> Remove AH from the equation and it should work. For example, change your
> Transform Set to this:
>
> crypto ipsec transform-set L2L esp-aes 256 esp-sha-hmac
>
> I'm not sure but maybe NAT-T doesn't work with AH.
>
Did more more tests - turns out after all that the AH seems to be the
cause of the problem ... got the GNS3 setup to work with NAT by removing
the AH part from the transform set, so your idea was dead on!
Now back to the real life setup and hopefully that will also work ...
Thanks!
-garry
More information about the cisco-nsp
mailing list