From owner-freebsd-questions Fri Oct 18 8:21:46 2002
Received: from mail1.ing.nl (mail1.ing.nl [145.221.93.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9519043E9E; Fri, 18 Oct 2002 08:21:42 -0700 (PDT) (envelope-from Danny.Carroll@mail.ing.nl)
Subject: RE: IPSEC/NAT issues
Date: Fri, 18 Oct 2002 16:54:33 +0200
Sender: owner-freebsd-questions@FreeBSD.ORG

I have often wondered about this.. Surely there must be a way to do it.

-D

> -----Original Message-----
> From: Thomas Spreng [mailto:spreng@insomniac.ch]
> Sent: Friday, October 18, 2002 11:09 AM
> To: Charles Henrich
> Cc: freebsd-questions@freebsd.org
> Subject: Re: IPSEC/NAT issues
>
>
> On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
> > I have a network/firewall where I want to nat an entire network. However, I
> > also want nat traffic to one remote host in particular out on the internet to
> > be IPsec'd as well.
> >
> > [A] (10.x)    [B] (Nat)    [C] (Real IP)
> >
> > I've setup IPsec on both machines, and from either machine (B,C) I can ssh to
> > the other, with ipsec packets all happening happy as a clam. However if I try a
> > connection from behind the nat box to the remote host (A,C) the key exchange
> > works fine (between B&C), but then no data flows back and forth. Anyone have
> > any suggestions on this? Thanks!
> >
> > -Crh
>
> hi charles,
>
> im not sure if i understand your problem right but just keep in mind that you
> cannot make a NAT between an IPSec connection. This is because the address
> translation rewrites the ip headers and the ipsec authentication header
> prevents the packet from being altered.
>
> greets

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
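
The reason given in the quoted reply, as an added example that is not part of the original thread: an AH integrity check value (HMAC-SHA1-96 over the IPv4 header with only its mutable fields zeroed) survives a router's TTL and checksum changes but fails once a NAT rewrites the source address. The key, SPI, addresses and payload are constructed, and the sketch models a packet that was protected with AH before it reached the NAT.

```python
import hmac, hashlib, socket, struct

KEY = b"constructed-sa-key"  # constructed sample key, not from the thread

def ip_checksum(hdr):
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, payload_len, ttl=64):
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                    ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))  # 51 = AH
    return h[:10] + struct.pack("!H", ip_checksum(h)) + h[12:]

def ah_icv(ip_hdr, ah_fixed, data):
    # Mutable IPv4 fields (TOS, flags/fragment offset, TTL, checksum) are
    # zeroed before the MAC. Addresses are immutable, so they are covered.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:9] = b"\0\0\0"
    h[10:12] = b"\0\0"
    msg = bytes(h) + ah_fixed + b"\0" * 12 + data  # ICV field zeroed
    return hmac.new(KEY, msg, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def send(src, dst, data):
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)  # next=TCP, len, rsvd, SPI, seq
    ip = ipv4_header(src, dst, 24 + len(data))
    return ip, ah, ah_icv(ip, ah, data), data

def verify(pkt):
    ip, ah, icv, data = pkt
    return hmac.compare_digest(icv, ah_icv(ip, ah, data))

def rewrite(pkt, ttl_delta=0, new_src=None):  # forwarding device edits the header
    ip = bytearray(pkt[0])
    ip[8] -= ttl_delta
    if new_src:
        ip[12:16] = socket.inet_aton(new_src)
    ip[10:12] = b"\0\0"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return (bytes(ip),) + pkt[1:]

def demo():
    pkt = send("10.0.0.5", "192.0.2.20", b"constructed payload")  # A -> C
    routed = rewrite(pkt, ttl_delta=1)          # plain router hop
    natted = rewrite(pkt, new_src="192.0.2.1")  # B rewrites the source
    return verify(pkt), verify(routed), verify(natted)

print(demo())  # (True, True, False)
```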