I understand that ipsec cannot run behind nat.
But could someone explain why this is necessarily so?
Nat does not alter the dest address therefore the packet would
end up in the right place.
Then after deencapsulation, ipsec could see that the inner
packet was valid.
For that matter, I cannot see why tunnels within tunnels could not
work, like tarring together a bunch of tar files.
Does anyone know if this restriction is FreeSWAN or the ipsec
standard and if freeswan intends to ammend this in the future?
Thanx
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
