nat-traversal
I was trying to get some wireless laptops running the Cisco VPN client (both Linux & Windows) behind a Linux NAT and was only able to get 1 laptop to connect at a time. After some quick research, I was able to get the laptops to connect to the VPN simultaneously behind a Cisco PIX running 6.3.2 with nat-traversal and having GRE and UDP allowed inbound.
Another drawback: I have to consume public addresses for each NAT translation. I would prefer to use PAT (single address --> many internal translations), but I don't think it is an option. Has anyone seen or been able to do this with iptables? The reason being, the PIX is limited to a 24-bit DHCP scope, whereas I have a 16-bit scope on my Linux boxes.