On 02/01/2017 10:21 PM, Yury Shefer wrote:
Your behind-NAT IPsec client should use external IP (78.111.187.234) as IKE identifier (IDi/initiator id) to be able to establish the SA. IMHO, the better option for your remote clients would be a use of different ID type like ID_RFC822_ADDR.
Thanks for your answer. Could you explain better how can I do this, because I don't see any settings in native Windows VPN client to specify current external IP. Moreover what to do if this is a road warrior case and external IP changes each time for every client?
