nanog mailing list archives

Re: Block all servers?


From: Stefan Mink <mink () schlund net>
Date: Tue, 14 Oct 2003 23:21:49 +0200

On Tue, Oct 14, 2003 at 10:07:45AM -0700, Crist Clark wrote:
Yes, it does work, on a small scale.  However what if your neighbor
wants to IPSEC to the same place (say you work at the same place).
If both of you are NAT'd from the same IP address trying to IPSEC
to the same IP address?  I don't believe things will work in this
instance.

why not? We use it here, works fine (with certificates for auth).

OK, let's do this one more time. Many-to-one NAT of a many-to-one ESP VPN
does not work. (Period)

I'm doing a shortcut here: I didn't want to say I'm using "pure standard
IPsec" (2401/2409) here. For me extensions like NAT-T or DPD are part
of IPsec too although they are still in the draft state. They just
make IPsec more usable as in this case here...

I know the additional encapsulation isn't a nice thing with NAT-T
but at least it works :] (don't look at L2TP via IPsec if you
don't like additional encapsulations - nevertheless it seems to
be the future of Windows-VPNs :( ).

   tschuess
             Stefan
-- 
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974  DC3F 7A1B CF62 F0D4 D2BA
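
An added illustration, not part of the original message: a constructed Python model of a many-to-one (port-overloading) NAT. It shows why two inside hosts sending plain ESP to the same gateway cannot be told apart on the return path, while NAT-T's ESP-in-UDP encapsulation on port 4500 gives each host its own mapping. The class, addresses and port pool are assumptions made for the example, and the model assumes the NAT does no SPI tracking.

```python
ESP, UDP = 50, 17        # IP protocol numbers
NAT_T_PORT = 4500        # UDP port used for ESP-in-UDP (NAT-T)


class OverloadNat:
    """Constructed model: every inside host shares one outside address."""

    def __init__(self):
        self.inbound_map = {}    # reply key -> set of inside hosts
        self.flows = {}          # (inside_ip, sport, remote_ip, dport) -> outside port
        self.next_port = 40000   # constructed start of the outside port pool

    def send_esp(self, inside_ip, remote_ip):
        # ESP has no port fields, and the inbound SPI is negotiated inside
        # encrypted IKE, so the only reply key available is (protocol, remote).
        key = (ESP, remote_ip)
        self.inbound_map.setdefault(key, set()).add(inside_ip)
        return key

    def send_udp(self, inside_ip, sport, remote_ip, dport):
        # UDP carries ports, so each inside flow gets its own outside port.
        flow = (inside_ip, sport, remote_ip, dport)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.next_port += 1
        key = (UDP, remote_ip, dport, self.flows[flow])
        self.inbound_map.setdefault(key, set()).add(inside_ip)
        return key

    def deliver(self, key):
        # A reply is deliverable only if exactly one inside host matches.
        hosts = self.inbound_map.get(key, set())
        return next(iter(hosts)) if len(hosts) == 1 else None


def compare(hosts, gateway):
    """Return (plain ESP delivery, NAT-T delivery) for each inside host."""
    nat = OverloadNat()
    esp_keys = [nat.send_esp(h, gateway) for h in hosts]
    natt_keys = [nat.send_udp(h, NAT_T_PORT, gateway, NAT_T_PORT) for h in hosts]
    return ([nat.deliver(k) for k in esp_keys],
            [nat.deliver(k) for k in natt_keys])


if __name__ == "__main__":
    # Constructed addresses from private and documentation ranges.
    print(compare(["192.168.1.10", "192.168.1.11"], "198.51.100.7"))
```

With a single inside host both lists resolve, which matches the "works on a small scale" case in the thread; the ambiguity only appears once a second host targets the same gateway.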
