Antony Stone wrote:
> On Friday 14 May 2004 2:00 pm, Sez wrote:
>
>> I have a Microsoft server to L2TP/IPsec. And my firewall is a Linux.
>> I understand that if I create a server in the Micro$oft box, I can
>> route the traffic with Linux without any problem (no recompile,
>> multiple users, NAT with L2TP/IPsec).
>
> Can someone who knows about L2TP / IPsec step in here please?

I am pretty sure that all distinguishable features of IPsec are buried inside the encrypted tunnel, which means it can't be conntracked uniquely through NAT. So, the only way to successfully have IPsec tunnels is hand-coding each source/destination with protocol into the NAT tables. That's how Cisco says to forward them anyways:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftnatesp.htm

Since there doesn't seem to be a conntrack helper, I can only assume it's because there's no session id equivalent as there is in PPTP.
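As an added illustration of the "hand-coded source/destination with protocol" approach the reply describes (this is example code, not anything posted in the thread): a small iptables script that statically forwards one remote peer's IKE (UDP/500) and ESP (IP protocol 50) to a single internal L2TP/IPsec server. Because ESP exposes no port numbers, the peer's source address is the only selector available, which is exactly why one rule pair per peer is needed. The interface name and all addresses are constructed placeholders; set `IPT=echo` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original thread. Static NAT forwarding of one
# IPsec peer's IKE and ESP traffic to an internal L2TP/IPsec server.
# Interface and addresses are constructed placeholders (RFC 5737 / RFC 1918).
IPT="${IPT:-iptables}"    # set IPT=echo for a dry run
WAN_IF="eth0"             # assumed external interface
PEER="203.0.113.10"       # constructed: remote IPsec peer
INSIDE="192.168.1.20"     # constructed: internal Windows L2TP/IPsec server

# l2tp_ipsec_forward PEER INSIDE
# Emits/applies the four rules needed for one peer: DNAT for IKE and ESP in the
# nat PREROUTING chain, plus matching FORWARD accepts. L2TP itself (UDP/1701)
# rides inside ESP, so it needs no rule of its own.
l2tp_ipsec_forward() {
    peer="$1"; inside="$2"
    # IKE negotiation: UDP/500 from this peer is steered to the inside server.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p udp -s "$peer" --dport 500 \
        -j DNAT --to-destination "$inside" || return 1
    # ESP carries no ports; the peer address is the only usable selector.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p esp -s "$peer" \
        -j DNAT --to-destination "$inside" || return 1
    # FORWARD sees the post-DNAT destination, so match on the inside host.
    $IPT -A FORWARD -i "$WAN_IF" -p udp -s "$peer" -d "$inside" --dport 500 \
        -j ACCEPT || return 1
    $IPT -A FORWARD -i "$WAN_IF" -p esp -s "$peer" -d "$inside" \
        -j ACCEPT || return 1
}

# Apply only when explicitly asked, so sourcing this file is side-effect free.
if [ "${1:-}" = "apply" ]; then
    l2tp_ipsec_forward "$PEER" "$INSIDE"
fi
```

Run as `IPT=echo sh forward.sh apply` to review the generated rules first; every additional peer needs its own call with a distinct source address, which is the scaling problem that a conntrack helper would otherwise solve.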