[c-nsp] ra-vpn and ipsec oddity
Gert Doering
gert at greenie.muc.de
Wed Nov 5 13:49:08 EST 2014
Hi,
On Wed, Nov 05, 2014 at 09:18:21AM -0800, ryanL wrote:
> it would seem to me an easy fix would be to nat my sf clients from a
> different source ip than the lan-to-lan source ip, but i'm curious if
> there's a way to avoid that.
"do not use NAT" or "use IPSEC with NAT-Traversal enabled" (= encapsulate
everything inside UDP/4500).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20141105/cf827abb/attachment.sig>
More information about the cisco-nsp
mailing list