nanog mailing list archives

Re: VPS in DC/VA on L3?


From: Jay Ashworth <jra () baylink com>
Date: Fri, 23 Oct 2015 12:03:14 -0400 (EDT)

----- Original Message -----
> From: "Christopher Morrow" <morrowc.lists () gmail com>
>
> On Fri, Oct 23, 2015 at 11:02 AM, Jay Ashworth <jra () baylink com>
> wrote:
>> We need to do host-mode IPSEC out of AWS to a company in the DC/VA area that
>> is on L3; AWS apparently will only do network mode IPSEC, and they won't take
>> that, so we'll need to hop.
>
> 'will only do network mode' .... because the VM you run in aws can't
> do ipsec to your pix?

Pick your problem:

AWS's productized IPSEC VPC gateway won't do host-mode, or so I am told, and

Our customer won't do network mode, and

Our customer also won't accept IPSEC traffic that's been NATted, so we can't do
it from an AWS host because EIPs are NATted; there is, TTBOMK, *no* way to get a
non-NATted IP on an EC2/VPC host.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
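
The "EIPs are NATted, so the customer will see NAT" point above can be checked mechanically, because IKEv2 peers detect NAT themselves: each side sends a NAT_DETECTION_SOURCE_IP payload, which per RFC 7296 section 2.23 is SHA-1 over SPIi | SPIr | source IP | source port, and the receiver recomputes it over the address and port it actually observed. An EC2 instance builds its hash over its VPC-private address, while the remote peer sees the EIP, so the hashes differ and the peer flags NAT. The script below is an added example written for this archive page, not code from any poster, from AWS, or from any IPsec implementation; the SPIs and addresses (10.0.1.5 for the instance, 203.0.113.10 standing in for the EIP, 198.51.100.7 for an un-NATted host) are constructed RFC 5737 documentation values.

```python
"""IKEv2 NAT detection (RFC 7296 s2.23), used to show why a 1:1 NAT such as an
AWS Elastic IP is visible to the remote IPsec peer.  Example code, not from the
thread; all SPIs and addresses are constructed values."""

import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_SOURCE_IP / _DESTINATION_IP value:
    SHA-1(SPIi || SPIr || IP || Port), IP and port in network byte order."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKEv2 SPIs are 8 bytes each")
    packed_ip = ipaddress.ip_address(ip).packed   # 4 bytes for v4, 16 for v6
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()


def peer_is_behind_nat(spi_i: bytes, spi_r: bytes, claimed_hash: bytes,
                       observed_ip: str, observed_port: int) -> bool:
    """Receiver-side check: recompute over the source IP/port seen on the wire.
    A mismatch means something rewrote the address or port in transit."""
    return claimed_hash != nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)


# Constructed SPIs for the IKE_SA_INIT exchange.
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes.fromhex("0000000000000000")   # responder SPI is zero in the first request
IKE_PORT = 500


def ec2_instance_case() -> bool:
    """EC2 instance hashes its private VPC address; the customer sees the EIP."""
    instance_private_ip = "10.0.1.5"
    elastic_ip_seen_by_peer = "203.0.113.10"   # constructed stand-in for an EIP
    sent = nat_detection_hash(SPI_I, SPI_R, instance_private_ip, IKE_PORT)
    return peer_is_behind_nat(SPI_I, SPI_R, sent, elastic_ip_seen_by_peer, IKE_PORT)


def direct_host_case() -> bool:
    """A host with a real public address on its interface: no NAT detected."""
    public_ip = "198.51.100.7"
    sent = nat_detection_hash(SPI_I, SPI_R, public_ip, IKE_PORT)
    return peer_is_behind_nat(SPI_I, SPI_R, sent, public_ip, IKE_PORT)


if __name__ == "__main__":
    print("EC2 behind EIP   -> NAT detected:", ec2_instance_case())
    print("Direct public IP -> NAT detected:", direct_host_case())
```

The same comparison is what makes the peer switch to UDP-encapsulated ESP on port 4500 (NAT-T); a peer that refuses NATted IPsec is refusing exactly the case where this check returns true. Note the check only sees address or port rewriting; it says nothing about tunnel versus transport mode, which is negotiated separately.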

