Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
Differences
This shows you the differences between two versions of the page.
|
web_gui:ipsec_pass-through [2010/11/02 10:57] tibor created |
web_gui:ipsec_pass-through [2010/11/15 10:21] (current) mats |
||
|---|---|---|---|
| Line 19: | Line 19: | ||
| The remote server is not allowed to be behind a NAT. (If the remote server is behind a NAT consider using the IPSec NAT-T protocol instead, see below.) | The remote server is not allowed to be behind a NAT. (If the remote server is behind a NAT consider using the IPSec NAT-T protocol instead, see below.) | ||
| - | **IPSec** and **PPTP** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all PPTP entries when considering what IPSec entry combinations you can enter. | + | **IPSec** and **[[PPTP pass-through|PPTP]]** entries don't affect each other (even though they are entered into the same pass-through-list), thus you can ignore all PPTP entries when considering what IPSec entry combinations you can enter. |
| - | **IPSec** and **IPSec NAT-T** entries on the other hand do affect each other, especially when incomplete (one or two empty IP fields). Avoid such combinations as side effects or non-working connections might occur. | + | **IPSec** and **[[IPSec NAT-T pass-through|IPSec NAT-T]]** entries on the other hand do affect each other, especially when incomplete (one or two empty IP fields). Avoid such combinations as side effects or non-working connections might occur. |
| While standard IPSec does work in all security profiles, certain IPSec dialects do not work in Hi security profile – only in Lo. If you fail to establish an IPSec connection through Internet Gate in Hi security profile try performing the same configuration in the Lo security profile. | While standard IPSec does work in all security profiles, certain IPSec dialects do not work in Hi security profile – only in Lo. If you fail to establish an IPSec connection through Internet Gate in Hi security profile try performing the same configuration in the Lo security profile. | ||
| + | |||
| + | Read more: [[wp>IPsec_Passthrough#NAT_traversal_and_IPsec|IPsec pass-through]] | ||
| ===== IPSec NAT-T ===== | ===== IPSec NAT-T ===== | ||
| Line 31: | Line 33: | ||
| **IPSec** : raw IPSec packets are the most commonly used IPSec transmit format. However, raw IPSec has difficulty getting through firewalls and NAT-s. | **IPSec** : raw IPSec packets are the most commonly used IPSec transmit format. However, raw IPSec has difficulty getting through firewalls and NAT-s. | ||
| - | **IPSec NAT-T** : (also called IPSec over UDP) hides IPSec packets inside common UDP packets to allow easier passage through firewalls and NAT-s. Due to this ability more and more “IPSec" servers either actually run IPSec NAT-T or allows both types of traffic to connect. | + | **IPSec NAT-T** : (also called IPSec over UDP) hides IPSec packets inside common UDP packets to allow easier passage through firewalls and NAT-s. Due to this ability more and more “IPSec" servers either actually run IPSec NAT-T or allows both types of traffic to connect. [[wp>NAT-T]] |
| If you have difficulties configuring your IPSec pass-throughs you might try using IPSec NAT-T instead: it allows multiple pass-throughs to same remote server, and allows the remote server to be behind a NAT. | If you have difficulties configuring your IPSec pass-throughs you might try using IPSec NAT-T instead: it allows multiple pass-throughs to same remote server, and allows the remote server to be behind a NAT. | ||
