IPSec mobility in NAT environment, Routing table changes – Panasonic 7 User Manual

Page 152


152 Chapter 8 Configuring IPSec mobility and persistent mode

IPSec mobility in NAT environment

In some situations, roaming between NAT devices might prevent users from taking full advantage of the IPSec mobility feature. Table 11 lists configuration caveats that increase roaming effectiveness in a NAT environment.

Table 11 Configuration considerations

| Initial NVC connection was behind | After roaming NVC connection is behind | Nortel VPN Router configuration caveats to make mobility work successfully |
|---|---|---|
| No NAT | No NAT | None |
| No NAT | IPSec unaware NAT | Always NAT Traversal |
| No NAT | IPSec aware NAT | Always NAT Traversal |
| IPSec aware NAT | No NAT | None* |
| IPSec aware NAT | IPSec unaware NAT | Always NAT Traversal or auto-detect NAT |
| IPSec aware NAT | IPSec aware NAT | None* |
| Non-IPSec aware NAT | No NAT | None* |
| Non-IPSec aware NAT | IPSec unaware NAT | None* |
| Non-IPSec aware NAT | IPSec aware NAT | None* |

*The appropriate IPSec group settings (Auto-Detect NAT, Always UDP Encap, or Auto-Detect IPSec capable NAT) make the initial connection successful. No changes are required for roaming to work.

Routing table changes

Routing table changes apply to the Nortel VPN Client. When operating in split tunneling mode, the NVC periodically checks the routing table on the client's PC to determine whether the table has been altered in any way. This check is performed for security reasons, to detect intrusions and unauthorized access to the private network. When a routing table change is detected, the tunnel is brought down.
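The periodic check described above can be modelled as a comparison of routing table snapshots. The following Python code is an added example, not Nortel VPN Client code: the manual does not say how the client performs the check, and the sample rows (laid out like the Active Routes section of Windows `route print -4`), the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rows in the layout of the "Active Routes" section
# printed by Windows `route print -4`; taken when the tunnel comes up.
BASELINE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
        10.20.0.0      255.255.0.0          On-link       10.20.0.7       1
      192.168.1.0    255.255.255.0          On-link    192.168.1.50     281
"""

# Constructed later snapshot: one route was added after the baseline.
ALTERED = BASELINE + (
    "        10.20.5.0    255.255.255.0     192.168.1.66    192.168.1.50       5\n"
)


def parse_routes(text):
    """Return a set of (network, gateway, interface, metric) tuples."""
    routes = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0][0].isdigit():
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.add((str(network), gateway, iface, int(metric)))
    return routes


def diff_routes(baseline, current):
    """Routes added and removed since the baseline snapshot, sorted."""
    return sorted(current - baseline), sorted(baseline - current)


def tunnel_must_drop(baseline_text, current_text):
    """Policy from the text: any change to the table brings the tunnel down."""
    added, removed = diff_routes(parse_routes(baseline_text),
                                 parse_routes(current_text))
    return bool(added or removed), added, removed


if __name__ == "__main__":
    drop, added, removed = tunnel_must_drop(BASELINE, ALTERED)
    for route in added:
        print("ADDED  ", route)
    for route in removed:
        print("REMOVED", route)
    print("tear down tunnel" if drop else "table unchanged")
```

A changed gateway or metric on an existing destination appears as one removed and one added tuple, so it also counts as an alteration.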

NN46110-500
