On Tue, 7 Jun 2016 14:02:57 -0400 John Marrett <jo...@zioncluster.ca> wrote:
> At least with Cisco hubs this is standard behaviour. There is no way > for NHRP to disambiguate between two different IPSec peers that have > the same global address. In theory if the source ports were NATed it > might be possible to use that, Cisco doesn't, don't believe that > opennhrp can either. > > Sorry, hope that someone else has a workaround, > On Tue, Jun 7, 2016 at 12:50 PM, <pbar...@netprotec.com> wrote: > > After figuring out my issue and DMVPN working as expected in my > > lab, I decided to increase the complexity to real world situations > > by putting one spoke behind a firewall and relying on NAT. This > > still worked perfectly and ipsec tunnels connected with no issue. > > However, when I placed the second spoke behind a firewall with NAT > > I have not been able to complete the ipsec tunnel connection. > > Before I start providing configurations and logs I was wondering if > > there was a simple answer to this, I have searched strongswan > > forums and opennhrp and have found nothing to tell me that this > > should or should not work. This is not currently supported in quagga/nhrp or opennhrp. In opennhrp it is difficult to implement. In quagga/nhrp it can be implemented a bit easier, but it would also require kernel support. I have not had need for this - rarely one would have multiple vpncs behind same NAT box. Though, this can become more problematic with carrier grade nat getting more popular (usually in 4g/lte wireless, and in some countries that just did not get public IPs enough). Cisco does not support this on traditional dmvpn setup. Though, the newer flexvpn implementation should be able to handle this. /Timo ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ opennhrp-devel mailing list opennhrp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
