Date: Fri, 08 Apr 2005 01:18:54 +0800 From: John Mok <jmok@attglobal.net> To: tms3@fsklaw.com Cc: freebsd-net@freebsd.org Subject: Re: FreeBSD Firewall + NAT Traversal + IPsec Message-ID: <42556B7E.5030703@attglobal.net> In-Reply-To: <425550E6.3080005@fsklaw.com> References: <42555C87.7030700@attglobal.net> <425550E6.3080005@fsklaw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Tom, Thank you for your quick reply. I would like to know more on the issue. To my understanding, since the source address of the IP packet from the client would be modified on the NAT, normally it would fail AH check on the IPsec VPN gateway, or the FreeBSD NAT has built-in compliance with RFC3947? Thank you, John Mok Tom Skeren wrote: > John Mok wrote: > >> Hi, >> >> I'm new to FreeBSD. Is it possible make a FreeBSD box with firewall + >> NAT, such that client PC(s) from the NATed internal network could >> connect to a VPN gateway on the Internet :- >> >> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN >> gateway >> 192.168.x.x/16 (e.g. >> Checkpoint FW-1) >> (VPN client) >> >> I hope someone could help to advise what software is required on the >> FreeBSD box to NAT traversal work and where to get the HOWTO(s)? > > > Should be no problem. > > <http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html>; > > >> >> Thanks a lot. >> >> John Mok >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42556B7E.5030703>