Hello Sebastien,I'm not sure there's something special to force nat-t, it's
automatic.The natted side has to initiate the flow to the non natted side.If
the two sides are natted then there should be a port forward to one of
them.There should be a nat keepalive parameter as well.
Le Lundi 13 mars 2017 18h40, Sébastien Morand <[email protected]> a
écrit :
Hi,
I'm trying to set up a NAT-T IPSec VPN with one of my client.
Is this configuration ok on ipsec.conf for NAT-T?
ike esp \
  from 10.85.98.16/29 to {10.249.0.0/21} \
  peer <IP CLIENT> \
  main auth hmac-sha1 enc aes-256 group modp1536 lifetime 86400 \
  quick auth hmac-sha1 enc aes-256 group modp1536 lifetime 86400 \
  srcid "<MY PUBLIC IP>" \
  psk "********"
Something else to force NAT-T?
Thanks by advance,
Sébastien
