On 18 November 2011 18:28, Vic <lug@???> wrote:
>
>> Yes, but there is a "NAT traversal" option with IPSEC where they put
>> the encrypted payload in UDP packets.
>> That method is much more likely to get through.
>
> That's NAT-T. To quote from Microsoft's own page[1]:
>
> "We do not recommend Internet Protocol security (IPSec) network address
> translation (NAT) traversal (NAT-T) for Windows deployments that include
> VPN servers and that are located behind network address translators."
>
> NAT-T is considered a security risk, and is disabled by default. It's best
> that it remain so.
>
It seems that SSL/TLS tunnels seem more popular now days.
That is what some of the Juniper VPN clients use.
--
Please post to: Hampshire@???
Web Interface:
https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL:
http://www.hantslug.org.uk
--------------------------------------------------------------
