On Mon, Apr 29, 2002 at 02:59:53PM -0400, Eric B Kiser wrote:
> Let me pose this question anew...
>
> Are there any required modifications, other than just /not/ restricting the
> required ports, to be able to pass IPsec traffic when using your Linux
> system as a router and performing NAT.

Yes, IIRC since IKE includes IP addresses in the key exchange which are later used for the IPsec data packets. The traditional problem with protocols using separate control and data channels. However, the problem is amplified by the fact that the key exchange is cryptographically secured.

> Respectfully,
> Eric

--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
