From: Chuck Swiger
Date: Fri, 20 Oct 2006 11:05:21 -0700
To: "Tuc at T-B-O-H.NET"
Cc: freebsd-questions@freebsd.org
Subject: Re: Tunnels to Cisco through NAT?

On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> Is anyone aware of a tunnel between FreeBSD and Cisco that
> can go through a NAT on the Cisco side?

If you update the Cisco firmware with the latest IOS+VPN version, you ought to gain proper NAT-T support which will work with most IPSEC/VPN implementations. Otherwise, if you only need to implement a single VPN tunnel, you can use something like OpenVPN, which only needs you to forward a single UDP port (1194)...

-- 
-Chuck