05-12-2014 02:28 AM
I am establishing a VPN using IPSec with preshared support for authentication, but I studied that preshared key should not be used with nat traversal, what is the solution for this.
05-12-2014 03:21 AM
Where did you read that? Of course you can use PSKs while also using NAT-Traversal.
05-12-2014 09:06 PM
05-12-2014 10:41 PM
Sadly, there is no reason for that statement mentioned. I never heard that before, and from the differences from native exchanges to NAT-T I have no idea why you shouldn't use PSKs in that case. Anyone else?
05-14-2014 11:04 PM
05-15-2014 12:04 AM
That problem is solved since a very long time; at least most vendors (including Cisco) have solved that problem. I remember a setup I had some years ago with an Astaro-device where the authentication failed due to NAT, but I assume that nowadays every vendor can handle that. Just think about it that the described problem in that document problems is over a decade old.
05-16-2014 02:39 AM
Mr.Karsten can U explain me what happens when a IPsec end point receives first packet of IKE phase 1 negotiation whose source address has been changed to another address(by PAT device) then is this packet accepted by the IPsec end point.
05-16-2014 02:01 PM
There are two typical scenarios for that:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide