So when setting up a site-to-site VPN as I am now, unless the two connecting gateways have a private/dedicated link between them and thusly are on the same subnet so that NAT isn't in use anywhere, NAT-T won't be needed?
But, in any other case, such as mine, where I have two VPN devices (a WatchGuard Firebox SOHO6 and an ASG120) which are at two remote sites behind ADSL routers, NAT-T must be used by the two ADSL routers to port forward the IPSec connection between the two VPN gateway devices? And seeing as these ADSL routers only forward TCP and UDP ports, I would need to forward UDP 500 for IKE and UDP 4500 for NAT-T, is that all correct?
Thanks for clarifying this for me, I just need to get my head straight!