At Wed, 1 Oct 2003 23:10:52 +0200,
Jose Luis Domingo Lopez <linux-net@24x7linux.com> wrote:
...
> To the best of my knowledge you can NAT IPsec traffic if the outer
> transformation is ESP and not AH. NAT traversal seems to be only
> necessary if you do AH or ESP+AH, because AH headers also cover IP
> packet headers, and any change in them renders the checksums bad.

Not true.
IPsec NAT Traversal is only for ESP.
(and for IKE packets)

see draft-ietf-ipsec-udp-encaps-06.txt

-mk
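
An added example, not part of the original message: a classifier for the UDP payloads a NAT traversal peer receives, showing that the encapsulation carries only ESP, IKE and keepalives. The framing details (UDP port 4500, the four-zero-octet non-ESP marker, the one-octet 0xFF keepalive) are taken from RFC 3948 and RFC 3947, the published forms of this draft series, not from the message; the function name and sample packets are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: prefixes IKE messages on port 4500
NAT_KEEPALIVE = b"\xff"               # RFC 3948: one-octet keepalive payload
IKE_HEADER_LEN = 28                   # fixed ISAKMP/IKE header size


def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a port-4500 datagram (UDP header removed).

    Hypothetical helper. Note there is no branch for AH: the encapsulation
    defines framing for ESP and IKE only.
    """
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "shorter than SPI/marker field"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "malformed", "reason": "truncated IKE header"}
        init_cookie, resp_cookie = struct.unpack("!QQ", ike[:16])
        return {"kind": "ike", "initiator_cookie": init_cookie,
                "responder_cookie": resp_cookie}
    # A non-zero first word is an ESP SPI, followed by the sequence number.
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "keepalive": b"\xff",
    "ike": NON_ESP_MARKER + bytes.fromhex("1122334455667788") + bytes(8)
           + bytes([1, 0x10, 2, 0]) + bytes(4) + struct.pack("!I", 28),
    "esp": struct.pack("!II", 0xC0FFEE01, 7) + bytes(16),
    "short": b"\x00\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_natt_payload(data))
```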