Hi Jack,

On Mon, 2003-08-04 at 14.06, Jack Tsai wrote:
>
> I have one question about NAT-T and authentication,
> I use SFS-1.99.8 and it works fine on encryption,
> but when I use authentication only (auth=ah) behind a NAT router,
> I can build the tunnel but can't ping or send any packet from one subnet to
> another.
> (the packet without UDP header)
> But encryption (auth=esp) works fine, and authenticate without NAT-T works
> fine too.
>
> Does NAT-T patch not support authenticate any more?

NAT-Traversal is ESP only, sorry. And it makes sense too, since AH would
authenticate the IP addresses which are modified by NAT.

Cheers,

Ralf
--
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server  http://www.spenneberg.com
IPsec-Howto                                 http://www.ipsec-howto.org
Honeynet Project Mirror:                    http://honeynet.spenneberg.org
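
Added illustration, not part of Ralf's reply and not code from any IPsec implementation: a simplified Python model of why a NAT source-address rewrite breaks an AH integrity check while an ESP check still passes. The key, addresses, payload and function names are constructed for the example, and the AH header's own fields are left out of the ICV input.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; checksum left at 0 because AH zeroes it anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    """HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(ip_hdr, payload):
    """AH-style ICV (simplified): IP header with mutable fields zeroed, then payload."""
    h = bytearray(ip_hdr)
    h[1] = 0                # TOS (mutable)
    h[6:8] = b"\x00\x00"    # flags + fragment offset (mutable)
    h[8] = 0                # TTL (mutable)
    h[10:12] = b"\x00\x00"  # header checksum (mutable)
    return icv(bytes(h) + payload)  # source/destination addresses stay in the input

def esp_icv(esp_packet):
    """ESP-style ICV: ESP header and payload only; the outer IP header is not covered."""
    return icv(esp_packet)

def router_hop(ip_hdr, new_src=None):
    """Decrement TTL; if new_src is given, also rewrite the source address (NAT)."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    if new_src:
        h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def demo():
    payload = b"constructed payload"
    esp = struct.pack("!II", 0x1000, 1) + payload  # SPI, sequence number, data
    ah_hdr = ipv4_header("10.0.0.2", "203.0.113.5", 51, len(payload))  # proto 51 = AH
    sent_ah, sent_esp = ah_icv(ah_hdr, payload), esp_icv(esp)
    routed = router_hop(ah_hdr)                  # plain router, no NAT
    natted = router_hop(ah_hdr, "198.51.100.7")  # NAT router rewrites the source
    return {
        "ah_ok_after_plain_hop": hmac.compare_digest(sent_ah, ah_icv(routed, payload)),
        "ah_ok_after_nat": hmac.compare_digest(sent_ah, ah_icv(natted, payload)),
        # NAT only touches the outer IP header, so the ESP bytes arrive unchanged.
        "esp_ok_after_nat": hmac.compare_digest(sent_esp, esp_icv(esp)),
    }

if __name__ == "__main__":
    print(demo())
```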
