rob.edkins@axon.co.nz wrote:
>> Well, I'm happily sitting behind an M10 talking over Securemote now
>> too. And y'know what? I *didn't* need a pinhole.
>>
>Hi Don, are you using IKE with ESP or AH?

IKE w/ ESP. AH includes the IP addresses in the checksum (computed
before encryption) so any kind of NAT irreversibly breaks AH. ESP
is fine.

-- don

This message is part of the NZ Broadband mailing list.
see http://freebsddiary.cx/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message
Received on Thu Jun 8 09:56:08 2000