Date: Fri, 18 Oct 2002 16:54:33 +0200
From: <Danny.Carroll@mail.ing.nl>
To: <spreng@insomniac.ch>, <henrich@sigbus.com>
Cc: <freebsd-questions@freebsd.org>
Subject: RE: IPSEC/NAT issues
Message-ID: <C6304883FB11E347AD4958D3F14EC00AE893A2@ing.com>

I have often wondered about this.. Surely there must be a way to do it.

-D

> -----Original Message-----
> From: Thomas Spreng [mailto:spreng@insomniac.ch]
> Sent: Friday, October 18, 2002 11:09 AM
> To: Charles Henrich
> Cc: freebsd-questions@freebsd.org
> Subject: Re: IPSEC/NAT issues
>
>
> On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
> > I have a network/firewall where I want to nat an entire network. However, I
> > also want nat traffic to one remote host in particular out on the internet to
> > be IPsec'd as well.
> >
> > [A] (10.x) [B] (Nat) [C] (Real IP)
> >
> > I've set up IPsec on both machines, and from either machine (B,C) I can ssh to
> > the other, with ipsec packets all happening happy as a clam. However if I try a
> > connection from behind the nat box to the remote host (A,C) the key exchange
> > works fine (between B&C), but then no data flows back and forth. Anyone have
> > any suggestions on this? Thanks!
> >
> > -Crh
> hi charles,
>
> I'm not sure if i understand your problem right but just keep in mind that you
> cannot make a NAT between an IPSec connection. This is because the address
> translation rewrites the ip headers and the ipsec authentication header
> prevents the packet from being altered.
>
> greets
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
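
Added illustration, not part of the original thread: a minimal model of the point made in the quoted reply, that the AH integrity check covers the IP addresses a NAT box rewrites. It follows the RFC 4302 ICV input layout for IPv4; the key, addresses, SPIs and payload are constructed, and the ESP body is a plaintext stand-in for ciphertext.

```python
import hashlib, hmac, socket, struct
KEY = b"constructed-demo-key"  # constructed key, illustration only

def checksum(data):  # RFC 1071 one's-complement sum over 16-bit words
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ip_header(src, dst, proto, body_len):  # 20-byte IPv4 header, no options
    h = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, 64,
                              proto, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

def icv(data):  # HMAC-SHA1-96, truncated to 12 bytes
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_input(ip, ah, payload):
    """RFC 4302 ICV input: mutable IP fields (TOS, flags/offset, TTL, checksum)
    and the ICV field are zeroed; source and destination addresses are kept."""
    h = bytearray(ip)
    h[1], h[8], h[6:8], h[10:12] = 0, 0, b"\0\0", b"\0\0"
    return bytes(h) + ah[:12] + b"\0" * 12 + payload

def ah_packet(src, dst, payload):
    fixed = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next=TCP, len, rsvd, SPI, seq
    ip = ip_header(src, dst, 51, 24 + len(payload))
    return ip, fixed + icv(ah_input(ip, fixed, payload)), payload

def ah_ok(ip, ah, payload):
    return hmac.compare_digest(ah[12:], icv(ah_input(ip, ah, payload)))

def esp_packet(src, dst, payload):
    body = struct.pack("!II", 0x2000, 1) + payload  # SPI, seq, stand-in ciphertext
    return ip_header(src, dst, 50, len(body) + 12), body + icv(body)

def esp_ok(ip, esp):  # the ICV covers the ESP header and body, not the IP header
    return hmac.compare_digest(esp[-12:], icv(esp[:-12]))

def nat(ip, new_src):  # source NAT: rewrite the address, fix the header checksum
    h = bytearray(ip[:10] + b"\0\0" + socket.inet_aton(new_src) + ip[16:])
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

if __name__ == "__main__":
    for name, pkt, ok in (("AH", ah_packet, ah_ok), ("ESP", esp_packet, esp_ok)):
        ip, *rest = pkt("10.0.0.5", "198.51.100.7", b"constructed payload")
        print(name, "intact:", ok(ip, *rest), "after NAT:", ok(nat(ip, "192.0.2.1"), *rest))
```

The ESP check passing here only shows that its ICV does not cover the outer IP header; whether a given NAT box can track and translate protocol 50 traffic is a separate question.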