Two modes of udp encapsulation are available: o, At&t client vpn, Bluemoon] o – SMC Networks Barricade SMC2404WBR User Manual
Page 109: Allownatthroughfirewall=true
§
Two modes of UDP Encapsulation are available:
o
Automatic mode in which UDP encapsulation is
performed only when the Secure Remote client is behind a
dynamic Network Address Translation device configured
for Hide mode. In other cases, IPSec packets are
transmitted in the standard manner. The server determines
how to transmit IPSec packets according to value of the
source port in IKE packets.
o
Forced mode in which the client can work only in UDP
Encapsulation Mode. Communication is enabled only if the
gateway supports UDP encapsulation and always uses
UDP Encapsulation Mode. Forced mode should be used if
the client is behind devices which drop or damage IPSec
packets but do not modify IKE packets.
Ø
AT&T Client VPN
§
AT&T Global Networks, (formerly IBM Global Networks),has
used IPSec Header Authentication, and thus would not work through
a NAT device.
§
The new version of the AT&T Client VPN software (which they
call the "dialer" with Bluemoon Tunneling) now supports IPSec Data
Authentication without IPSec Header Authentication, and it now
works through routers.
§
However, in order to make this work, you need to put the
following two undocumented statements in the "custom.ini" file
which is located in the same directory as the rest of the VPN client
software (typically c:\program files\AT&T Global Network\).
§
The version of the AT&T client software must be 4.25.2 or
higher (which was released on Sept 6, 2000).
§
In custom.ini put:
o
[BlueMoon]
o
AllowNatThroughFireWall=True