Hello everyone,

As I'm about to implement a site-to-site VPN pretty soon, I'm researching IPsec as a possible solution (I have IPsec working already, but without NAT). One of the potential issues I spotted is NAT traversal. The documentation on docs.sun.com states that NAT-T is supported, but only for ESP.
Since the packets will travel across the Internet, I'd like to be able to somehow use AH as well. Is this possible to do if I use ip.tun0 interfaces on both IPF firewalls? If not, is there another way?

Another potential issue is that I have 3 NATs happening between the two firewalls: one on the FW1 ext interface, one on the ADSL "modem", and one on the second firewall. Again, can this be solved by tunneling packets via ip.tun interfaces?

If I'm "up the creek", what other alternative solutions would Sun engineers recommend?

This message posted from opensolaris.org