HP-UX IPSec NAT-T support

 
sungrand
Occasional Advisor

Hi All,

I just tested the interconnectivity of IPSec between Windows XP and HP-UX 11.23. It works perfectly without NAT. After I put a NAT device in front of my XP (client), the tunnel cannot be established. I sniffed the traffic and found the XP sent a Vendor ID for NAT-T but the response from HP-UX did not contain the same VID. I checked the HP-UX IPSec document for IPSec spec, and did not find any support information on NAT-T. Has anyone got this problem before?
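
The comparison described in the post above (which Vendor IDs each peer sends in its first IKE messages) can be automated. The following is an added example, not part of the original thread or of any HP-UX tooling; it assumes the input is the UDP payload of an unencrypted IKEv1 packet on port 500, and `build()` and the two sample messages are hypothetical, constructed test data.

```python
import hashlib
import struct

VENDOR_ID = 13  # ISAKMP payload type for Vendor ID (RFC 2408)
# NAT-T Vendor IDs are the MD5 hash of these strings (RFC 3947 and the
# drafts that preceded it; some stacks hashed the -02 name with a newline).
NATT_STRINGS = [b"RFC 3947", b"draft-ietf-ipsec-nat-t-ike-03",
                b"draft-ietf-ipsec-nat-t-ike-02\n", b"draft-ietf-ipsec-nat-t-ike-02"]
NATT_VIDS = {hashlib.md5(s).digest(): s.decode().strip() for s in NATT_STRINGS}

def vendor_ids(msg: bytes) -> list:
    """Return the bodies of all Vendor ID payloads in an IKEv1 message."""
    if len(msg) < 28:
        raise ValueError("shorter than an ISAKMP header")
    next_payload = msg[16]                      # first payload type
    end = min(struct.unpack(">I", msg[24:28])[0], len(msg))
    found, off = [], 28
    while next_payload != 0:                    # walk the payload chain
        if off + 4 > end:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from(">BBH", msg, off)
        if plen < 4 or off + plen > end:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID:
            found.append(msg[off + 4:off + plen])
        next_payload, off = following, off + plen
    return found

def natt_offered(msg: bytes) -> list:
    """Names of the NAT-T variants advertised in this message."""
    return [NATT_VIDS[v] for v in vendor_ids(msg) if v in NATT_VIDS]

def build(vids: list) -> bytes:
    """Hypothetical helper: ISAKMP header followed only by Vendor ID payloads."""
    body = b""
    for i, v in enumerate(vids):
        nxt = VENDOR_ID if i < len(vids) - 1 else 0
        body += struct.pack(">BBH", nxt, 0, 4 + len(v)) + v
    first = VENDOR_ID if vids else 0
    hdr = b"\x11" * 8 + b"\x00" * 8 + struct.pack(
        ">BBBBII", first, 0x10, 2, 0, 0, 28 + len(body))
    return hdr + body

# Constructed samples: one peer offers NAT-T, the other answers without it.
OTHER = hashlib.md5(b"constructed-vendor").digest()
INITIATOR = build([hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02\n").digest(), OTHER])
RESPONDER = build([OTHER])

if __name__ == "__main__":
    print("initiator offers:", natt_offered(INITIATOR))
    print("responder offers:", natt_offered(RESPONDER))
```

An empty list for the responder while the initiator's list is non-empty matches the symptom in the capture: the responder did not advertise NAT-T, so the peers never negotiate UDP encapsulation.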
Alcino Silva
New Member

Re: HP-UX IPSec NAT-T support

If I understood your problem, to use NAT-T try this:

1. Enable IPSec over NAT-T globally on the security appliance.

2. Select the "before-fragmentation" option for the IPSec fragmentation policy. This option lets traffic travel across NAT devices that do not support IP fragmentation. It does not impede the operation of NAT devices that do support IP fragmentation.

3. Set a keepalive value, which can be from 10 to 3600 seconds. The default is 20 seconds.

To enable NAT-T globally on the security appliance, enter the following command:

isakmp nat-traversal natkeepalive
sungrand
Occasional Advisor

Re: HP-UX IPSec NAT-T support

Hi Alcino Silva,

Thank you for your answer. What "appliance" did you mean?

My question is if HP-UX's IPSec stack supports NAT-T so that a Windows XP client can connect to the HP-UX server with a host-to-host IPsec tunnel through any NAT device. Looks like Windows XP supports NAT-T. But I am not sure if HP-UX supports it.

Thanks...