Subject: Re: racoon (ipsec) and NAT
To: Pierre Bourgin <pierre.bourgin@pcotech.fr>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/05/2002 06:14:12
>My explanations anyway were not understandable enough, I think. I don't have
>a "random" NAT system in-between the two tunnel sides: the NAT system has a
>reserved (fixed) IP address to do the mapping between this internal IP
>address and the public one, and does nothing else with this "reserved"
>address.
unfortunately, even with the above setup it doesn't work. it is just
impossible for IPsec to work with NAT, *by nature*. for instance,
NAT needs to rewrite packet content for FTP and other traffic,
however IPsec ESP is designed to make it impossible to look at the
content by encryption.
itojun