Yes, you need NAT-T on both ends, but SSH can of course establish connections to itself. A better option IMO is to plonk your favourite distribution of Linux on the firewall, drop in FreeS/WAN and away you go ;)
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of Cressatti, Dominique
> Sent: 20 November 2002 09:14
> To: [EMAIL PROTECTED]
> Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working !
>
> >>You might consider trying SSH sentinel if you need NAT-T support under MS
> >>platforms, works well for me.
> I don't know how that would work with ISA server.
> The current situation is that since MS current implementation
> of IPSec doesn't support NAT-T (on the server but W2K client supports it),
> yet they do NAT with their firewall (ISA),
> MS way to tackle the issue to make IPSec work is to grab any
> IPSec packets with RRAS so it bypasses the firewall altogether.
>
> Dom
>
> -----Original Message-----
> From: Mark Weaver [mailto:[EMAIL PROTECTED]]
> Sent: 19 November 2002 14:30
> To: [EMAIL PROTECTED]
> Subject: RE: IPSec + L2TP VPN to MS firewall (ISA) working !
>
> Fantastic, I look forward to reading it.
>
> You might consider trying SSH sentinel if you need NAT-T support under MS
> platforms, works well for me.
>
> Mark
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> > Behalf Of Cressatti, Dominique
> > Sent: 19 November 2002 13:57
> > To: [EMAIL PROTECTED]
> > Subject: IPSec + L2TP VPN to MS firewall (ISA) working !
> >
> > What I am trying to say here is that I managed to successfully
> > establish a VPN between Linux and MS ISA (MS firewall)
> > which uses X509 certificates and L2TP.
> >
> > I am in the process of writing a HowTo as it is fairly involved
> > but I'll accept a few questions and provide some help to those
> > who are trying to do it.
> >
> > However at this time since it is fairly involved, I can't
> > begin to explain it all in this list. Therefore I'll ask those
> > who are trying to achieve it, to at least have followed Nat Carlson
> > Howto and have a "Windows road warrior" working, using
> > ipsec.exe.
> >
> > Limitations:
> > It cannot be done if there is a NAT (ADSL router for example)
> > in the path as the IPSec implementation used by MS doesn't support
> > NAT-T (NAT traversal).
> > At the moment the Linux box acts only as a server, therefore I have
> > to establish the VPN from the Windows server.
> >
> > Dom
