Date: Thu, 17 Oct 2002 16:22:43 -0700
From: Charles Henrich
To: freebsd-net@freebsd.org
Subject: IPSEC/NAT issues
Message-ID: <20021017162243.B89519@sigbus.com>

I apologize for not CC'ing originally!

I have a network/firewall where I want to NAT an entire network. However, I also want NAT traffic to one remote host in particular out on the internet to be IPsec'd as well.

[A] (10.x) [B] (Nat) [C] (Real IP)

I've set up IPsec on both machines, and from either machine (B,C) I can ssh to the other, with IPsec packets all happening happy as a clam. However, if I try a connection from behind the NAT box to the remote host (A,C), the key exchange works fine (between B&C), but then no data flows back and forth.

Anyone have any suggestions on this?

Thanks!

-Crh
Charles Henrich henrich@msu.edu http://www.sigbus.com/~henrich