> Yes, but there is a "NAT traversal" option with IPSEC where they put
> the encrypted payload in UDP packets.
> That method is much more likely to get through.

That's NAT-T. To quote from Microsoft's own page[1]:

"We do not recommend Internet Protocol security (IPSec) network address
translation (NAT) traversal (NAT-T) for Windows deployments that include
VPN servers and that are located behind network address translators."

NAT-T is considered a security risk, and is disabled by default. It's best
that it remain so.

Vic.

[1] http://support.microsoft.com/kb/885348/en-us
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------