Date:      Thu, 13 Nov 2003 12:46:24 -0500
From:      Vincent Goupil <>
To:        "''" <>, "''" <>, "''" <>
Subject:   IPSec VPN & NATD (problem with alias_address vs redirect_address)
Message-ID:  <F7D4BDA0E5A1D14B99D32C022AEB7366FE109C@alis-2k.alis.domain>

I set up a firewall with ipfw2 and natd on FreeBSD 4.9 release.

I have mapped my subnet with alias_address.
I have mapped 4 private IP addresses with 4 public IP addresses.

Everything is working fine (web, email, ftp, etc.) for outgoing and
incoming connections for anyone on my network.

With this configuration, 5 people at a time (on my network) could dial
the same VPN server:
4 with different IPs and the one with the alias_address. I suppose
only one person at a time can use the alias_address with the IPSec VPN
(I think, tell me if I'm wrong).

I have authorized AH and ESP to pass through my firewall,
and also incoming UDP 500.

I'm able to use the VPN for the people mapped with alias_address.
I can't use the VPN with the people using the redirect_address.

Is there any problem with the redirect_address directive with natd for
protocol 51 and 51?

Is there any other way to have these 5 people communicate with the
same VPN server at the same time?
I thought that I could use the redirect_address to do that, so the
connection to the VPN server appears from a different IP source address.

Vincent Goupil
Administrateur réseau / Network administrator
