Jeroen, > Jeroen Massar wrote: > The Cisco should be instructed to forward all the proto 41 > packets to the private host.
I'd be curious how you do that on cisco nat. What you want to do is something like: ip nat inside source static <proto41> <private_IP> <proto41> <public_IP> unfortunately, there is no such option (only esp, tcp and udp) cisco3640(config)#ip nat inside source static ? A.B.C.D Inside local IP address esp IPSec-ESP (Tunnel mode) support network Subnet translation tcp Transmission Control Protocol udp User Datagram Protocol which leaves you with the only possibility: ip nat inside source static <private_IP> <public_IP> which NATs not only 41 but each and every protocol and port as well and I'm not too hot about that. > OR what sometimes with NAT's also work is to start the > communication on the private host side. As then the NAT > box will detect the flow, record it in it's tables and > the traffic will enter and leave the network correctly, > until the NAT entry times out. I strongly discourage this. Tried it, works for a while and then craps out without notice. Michel. --------------------------------------------------------------------- The IPv6 Users Mailing List Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
