http://www.securityportal.com/list-archive/fw1/1998/Jun/0730.html
I suspect you're screwed. Just for a start, a one-to-many NAT implementation
is never going to work. In brief, dynamic NAT keeps track of all the
different connections based on TCP/UDP port multiplexing. Dynamic NAT has no
way of coping with IP protocols like ESP and AH that contain no port data.
Static NAT could work in some circumstances. Odds are it's not going to
though. I'd forget it.[1]
The basic rule is never NAT _after_ you've done IPSec / SecuRemote
encapsulation.
Cheers,
[1] If you're game, ESP in tunnel mode with no AH should work with
pre-shared keys.
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Pere Camps [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 10 August 2000 7:18 PM
> To: [EMAIL PROTECTED]
> Subject: SecuRemote and NAT
>
>
> Hi!
>
> We're trying to set up FW-1 with SecuRemote which sits behind a
> hide NATed firewall (1:n)
>
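
The port-multiplexing point in the reply above, as an added example that is not part of the original thread and is not FireWall-1 code: a toy hide-NAT (1:n) table in Python. The class `HideNat`, the helper names and every address and port are constructed for the illustration.

```python
import socket
import struct

TCP, UDP, ESP, AH = 6, 17, 50, 51  # IANA IP protocol numbers

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at zero) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

class HideNat:
    """Toy 1:n NAT: tells inside hosts apart by a rewritten TCP/UDP source port."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, packet):
        ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
        proto = packet[9]
        inside_ip = socket.inet_ntoa(packet[12:16])
        if proto not in (TCP, UDP):
            # ESP begins with SPI + sequence number, AH with next-header,
            # length and SPI: neither carries a source port to multiplex on.
            return None
        sport = struct.unpack("!H", packet[ihl:ihl + 2])[0]
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = (inside_ip, sport)
        return (self.public_ip, public_port)

    def inbound_owner(self, proto, public_port):
        """Which inside host does a reply to this public port belong to?"""
        return self.table.get((proto, public_port))

def demo():
    nat = HideNat("203.0.113.1")               # constructed addresses throughout
    gw = "198.51.100.9"
    udp = struct.pack("!HHHH", 500, 500, 8, 0)  # UDP header, source port 500
    esp = struct.pack("!II", 0x1000, 1) + b"\x00" * 16  # SPI, sequence, dummy data
    a = nat.outbound(ipv4_packet("10.0.0.5", gw, UDP, udp))
    b = nat.outbound(ipv4_packet("10.0.0.6", gw, UDP, udp))
    e = nat.outbound(ipv4_packet("10.0.0.5", gw, ESP, esp))
    return a, b, nat.inbound_owner(UDP, b[1]), e

if __name__ == "__main__":
    print(demo())
```

Two inside hosts using the same UDP source port get distinct public ports and replies map back unambiguously; the ESP packet yields no mapping because the table has nothing to key on.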