From: Holm Tiffe
To: freebsd-net@freebsd.org
Date: Wed, 19 Oct 2005 20:01:14 +0200
Subject: urgent: RELENG_5 ipfw/nat/IPSEC Problem..
Message-ID: <20051019180114.GB38872@pegasus.freiberg-net.de>
Reply-To: holm@freibergnet.de

Hi,

I currently have a big problem with the following setup:

A FreeBSD Box, running 5_STABLE, is connected with one interface to the
public, with the other to a NAT'ed subnet with private address space.

I need to allow at least one host from inside the private network access
to an outside Cisco VPN concentrator. I've learned in the meantime that
allowing udp connections from inside to the outside net and vice versa
isn't doing the job.
(I've struggled in the meantime over tcpdump, which is showing isakmp
packets leaving the external interface, but they don't really do this..)

What exactly do I have to do to get this working?

The FreeBSD Box is out of reach (around 50km from here), I can't access
the hosts on the inside network and I don't have access to the cisco
concentrator, so I can't test different setups ..

Can anyone please help?

Regards,

Holm

ps: please Cc me, I'm currently not subscribed to this list.
-- 
L&P::Kommunikation GbR
Holm Tiffe * Administration, Development
FreibergNet.de Internet Systems
Bereich Server & Technik
phone +49 3731 419010
fax +49 3731 4196026
D-09599 Freiberg * Am St. Niclas Schacht 13
http://www.freibergnet.de