On Wednesday, 01 October 2003, at 12:16:09 -0700,
Ranjeet Shetye wrote:

> Now, NAT-Traversal encapsulates IPSec packets in UDP. Can we do an IPSec
> - NAT-Traversal combo in order to solve this problem ? Maybe have a
> POSTROUTING_NATTRAVERSAL table that will be automatically filled with
> entries based on active IPSec tunnels or policies ?
>

To the best of my knowledge you can NAT IPsec traffic if the outer
transformation is ESP and not AH. NAT traversal seems to be only
necessary if you do AH or ESP+AH, because AH headers also cover IP
packet headers, and any change in them renders the checksums bad.

But I could be wrong, something that wouldn't surprise me a lot ;-)

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.0-test5-mm3)
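
A simplified model of the integrity-check coverage discussed in this message, added here as an illustration and not part of the original thread. It models only which bytes each ICV covers; the key, addresses, SPI and payload are constructed, and the function names are hypothetical.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # constructed authentication key for the example SA

def ipv4_packet(src, dst, proto, body, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left at zero) followed by body."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

def ah_icv(packet):
    """AH-style ICV: IP header with mutable fields zeroed, plus everything after it."""
    hdr = bytearray(packet[:20])
    hdr[1] = 0                 # DSCP/ECN: mutable in transit
    hdr[6:8] = b"\x00\x00"     # flags and fragment offset
    hdr[8] = 0                 # TTL
    hdr[10:12] = b"\x00\x00"   # header checksum
    return hmac.new(KEY, bytes(hdr) + packet[20:], hashlib.sha1).digest()[:12]

def esp_icv(packet):
    """ESP-style ICV: only the ESP header and payload; the outer IP header is excluded."""
    return hmac.new(KEY, packet[20:], hashlib.sha1).digest()[:12]

def forward(packet, new_src=None):
    """A router hop decrements TTL; a source NAT also rewrites the source address."""
    pkt = bytearray(packet)
    pkt[8] -= 1
    if new_src is not None:
        pkt[12:16] = socket.inet_aton(new_src)
    return bytes(pkt)

def check(icv_fn, proto):
    """Return (valid after plain routing, valid after source NAT) for one ICV scheme."""
    body = struct.pack("!II", 0x1000, 1) + b"constructed payload"  # SPI, seq, data
    sent = ipv4_packet("192.168.1.10", "203.0.113.5", proto, body)
    icv = icv_fn(sent)
    routed, natted = forward(sent), forward(sent, new_src="198.51.100.7")
    return (hmac.compare_digest(icv, icv_fn(routed)),
            hmac.compare_digest(icv, icv_fn(natted)))

if __name__ == "__main__":
    print("AH :", check(ah_icv, 51))   # protocol 51 = AH
    print("ESP:", check(esp_icv, 50))  # protocol 50 = ESP
```

The TTL decrement of an ordinary router hop leaves both checks valid because TTL is treated as mutable; only the source-address rewrite invalidates the AH-style check.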