I agree. I really think the only real solution is a Linux server with three interfaces: DMZ/wireless, public, and private. Any VPN would terminate at the Linux server. I am totally open to being wrong on this though. If anyone has a solution that doesn't require any hardware changes let me know, thanks!

----- Original Message -----
From: "-ray" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, November 26, 2003 10:04 AM
Subject: Re: [brlug-general] Fw: [V3] IPSEC over NAT.. Fun! {01}

>
> I think Netscreen support is right. The second the NAT device changes
> one of the IP headers, you defeat the purpose of IPSec! Some of the
> small NAT routers support "VPN Pass-through", which allows only one VPN
> client on the private network to work through NAT.
>
> The problem is vendors think VPN means "enterprise" and that means $$$$.
> I think Cisco does IPSEC/NAT by encapsulating IPSEC in UDP products. You'd
> have to use the Cisco client though. And you don't say 'Cisco' and 'save
> money' in the same sentence. Not sure of any other products that do this.
>
> If he wants to save money, Linux/BSD gateway is the best way to go.
> There are ways to get around the most commonly failing PC components. But
> even that might be a chore to setup since NAT and IPSEC just don't get
> along.
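
The header-rewriting problem and the UDP-encapsulation workaround discussed in this thread, as an added example that is not part of the original messages. It is a simplified Python model, not any vendor's implementation: the key, addresses, SPI and payload are constructed, the ESP "ciphertext" is a stand-in, and UDP port 4500 follows RFC 3948 as an assumption.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed SA integrity key
SRC, DST, NAT_IP = "192.168.1.10", "203.0.113.5", "198.51.100.7"  # constructed

def ip_hdr(proto, body_len):
    # 20-byte IPv4 header; checksum left 0 (it is mutable and never covered)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0, 64,
                       proto, 0, socket.inet_aton(SRC), socket.inet_aton(DST))

def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def ah_input(pkt):
    # AH covers the IP header with mutable fields (TOS, flags/offset, TTL,
    # checksum) zeroed, the AH header with its ICV zeroed, and the payload.
    h = bytearray(pkt[:20])
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\0\0"
    return bytes(h) + pkt[20:32] + b"\0" * 12 + pkt[44:]

def build(mode, data=b"constructed payload"):
    if mode == "ah":
        ah = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1)  # next hdr, len, rsvd, SPI, seq
        pkt = ip_hdr(51, 24 + len(data)) + ah + b"\0" * 12 + data
        return pkt[:32] + icv(ah_input(pkt)) + pkt[44:]
    esp = struct.pack("!II", 0x1001, 1) + data  # SPI, seq, stand-in ciphertext
    esp += icv(esp)                             # ESP ICV covers ESP bytes only
    udp = struct.pack("!HHHH", 4500, 4500, 8 + len(esp), 0)
    return ip_hdr(17, len(udp) + len(esp)) + udp + esp

def nat(pkt):
    # Source NAT: rewrite the source address, and the UDP source port if present
    out = bytearray(pkt)
    out[12:16] = socket.inet_aton(NAT_IP)
    if out[9] == 17:
        out[20:22] = struct.pack("!H", 40000)
    return bytes(out)

def verify(pkt):
    if pkt[9] == 51:  # AH: source address is part of the authenticated data
        return hmac.compare_digest(pkt[32:44], icv(ah_input(pkt)))
    esp = pkt[28:]    # ESP-in-UDP: skip outer IP (20) and UDP (8) headers
    return hmac.compare_digest(esp[-12:], icv(esp[:-12]))
```

`verify(nat(build("ah")))` fails because the rewritten source address is inside the authenticated data, while `verify(nat(build("esp")))` still passes because the NAT only touches the outer IP and UDP headers.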
