Hello Chris thanks for the response. Sight I formed my firewall with mobile clients behind a NAT and apparently it works without problems. I detail the following configurations:
pfSense Version : 1.2-RC4 - built on Tue Jan 15 23:05:07 EST 2008 Phase 1 - Negotiation Mode : Agressive - My Identifier : User FQDN - Encryption algorithm : 3DES - Hash algorithm : MD5 - DH Key Group : 2 (1024bit) - Lifetime : 1200 - Authentication method : Pre-shared Key Phase 2 - Protocol : ESP - Encryption algorithms : 3DES - Hash algorithms : MD5 - PFS Key group : 2 (1024 bit) - Lifetime : 1200 In the client IPSEC (Greenbow) set in aggressive way, automatic NAT-T, placed a remote network (in my LAN they are several subnets) and I come without problems. It consults: how can I do that NAT does across my remote firewall and not across my Internet from where do I generate my VPN? Obviously, since, on having generated, I deal to the remote network, as soon as the tunnel VPN was opened I keep on masking across my public network from the point where I generate my VPN. >From already thank you very much Cordial greetings Sebastián Veloso Varas ________________________________________ De: [EMAIL PROTECTED] [EMAIL PROTECTED] En nombre de Chris Buechler [EMAIL PROTECTED] Enviado el: domingo, 20 de abril de 2008 17:04 Para: [email protected] Asunto: Re: [pfSense Support] Support NAT Tranversal with IPSec VPN On Fri, Apr 18, 2008 at 2:36 PM, Sebastián Veloso Varas <[EMAIL PROTECTED]> wrote: > > I would like to know if some of you has had good experiences trying to > realize tunnels VPN IPSEC doing NAT-T (Transversal), since I was reading the > characteristics that the firewall supports and says that it cannot realize > NAT-T with tunnels IPSec. > If you're talking about NAT-T with pfSense as the endpoint, that's not supported in 1.2 but should be in 1.3. If you're referring to a client behind pfSense connecting to some outside NAT-T VPN device, that works fine. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
