On Fri 09/07/2004 at 17:38, Rainer Arnst wrote:
> I tried to work with that, but failed to produce the desired results,
> which were to enable IPSec transport mode packets to pass through the
> firewall not being NATed.
[...]
> Got anyone any ideas?

Yes, I got one I previously explained. IPSEC transport mode can't cope
with NAT if you do TCP. ESP transport port only encapsulates IP packet
payload (layer 4) as opposed to ESP tunnel which encapsulates full IP
packet. When you do NAT, you alter IP source and/or destination. But TCP
checksum includes IP addresses, which means you have to recompute it on
the fly when NATing. And for it is ciphered, you can't.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
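The checksum dependency described in the reply above, as an added example that is not part of the original message: it computes a TCP checksum over the IPv4 pseudo-header and shows that a NATed segment only verifies if the NAT device could rewrite the checksum, which it cannot do when the TCP header is inside ESP ciphertext. All addresses, ports and the payload are constructed sample values, and encryption is modelled simply as "the NAT box cannot touch the segment".

```python
import ipaddress
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header TCP feeds into its checksum: addresses, proto 6, length."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))

def set_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Return the segment with its checksum field (bytes 16-17) computed for src/dst."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = ~fold_sum(pseudo_header(src, dst, len(zeroed)) + zeroed) & 0xFFFF
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]

def verify(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check against the addresses seen in the IP header."""
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def demo():
    # Constructed sample addresses (private host, NAT public address, server).
    inside, public, server = "192.168.1.10", "203.0.113.5", "198.51.100.20"
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    sent = set_checksum(inside, server, header + b"hello")
    # Cleartext TCP: the NAT box rewrites the source and can patch the checksum.
    natted_clear = set_checksum(public, server, sent)
    # ESP transport: the TCP header is ciphertext to the NAT box, so the segment
    # comes out of decryption unchanged while the IP source is now `public`.
    natted_esp = sent
    return (verify(inside, server, sent),
            verify(public, server, natted_clear),
            verify(public, server, natted_esp))

if __name__ == "__main__":
    print(demo())
```
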