Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
This shows you the differences between two versions of the page.
web_gui:ipsec_nat-t_pass-through [2010/11/02 11:05] tibor created |
web_gui:ipsec_nat-t_pass-through [2010/11/15 10:23] (current) mats |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== IPSec NAT-T pass-throughs ====== | ====== IPSec NAT-T pass-throughs ====== | ||
- | **IPSec NAT-T** (also called IPSec over UDP) is rapidly gaining popularity as the method of transferring traffic amongst IPSec servers and clients, due to its ability to get through firewalls and NAT-s. | + | **IPSec NAT-T** (also called IPSec over UDP) is rapidly gaining popularity as the method of transferring traffic amongst IPSec servers and clients, due to its ability to get through firewalls and NAT-s. [[wp>NAT-T]] |
Raw IPSec traffic has difficulty getting through firewalls and NAT-s. IPSec NAT-T however hides the IPSec packets inside common UDP packets to allow easier passage. Due to this ability more and more “IPSec" servers either actually run IPSec NAT-T or allows both types of traffic to connect. | Raw IPSec traffic has difficulty getting through firewalls and NAT-s. IPSec NAT-T however hides the IPSec packets inside common UDP packets to allow easier passage. Due to this ability more and more “IPSec" servers either actually run IPSec NAT-T or allows both types of traffic to connect. | ||
Line 17: | Line 17: | ||
If neither local client IP nor remote server IP is specified, any local client can access any remote server. | If neither local client IP nor remote server IP is specified, any local client can access any remote server. | ||
- | **IPSec NAT-T** and **PPTP** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all PPTP entries when considering what IPSec NAT-T entry combinations you can enter. | + | **IPSec NAT-T** and **[[PPTP pass-through|PPTP]]** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all PPTP entries when considering what IPSec NAT-T entry combinations you can enter. |
- | **IPSec NAT-T** and **IPSec** entries on the other hand do affect each other, especially when incomplete (one or two empty IP fields). Avoid such combinations as side effects or non-working connections might occur. | + | **IPSec NAT-T** and **[[IPSec pass-through|IPSec]]** entries on the other hand do affect each other, especially when incomplete (one or two empty IP fields). Avoid such combinations as side effects or non-working connections might occur. |
Even though it is possible to enter multiple incomplete rows (with missing IP addresses), such configurations might easily lead to side effects and non-working connections and is therefore not recommended. | Even though it is possible to enter multiple incomplete rows (with missing IP addresses), such configurations might easily lead to side effects and non-working connections and is therefore not recommended. |