Date: Mon, 10 Mar 2014 19:25:53 +0100 From: Eric Masson <emss@free.fr> To: "John W. O'Brien" <john@saltant.com> Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>, Philipp Schmid <philipp.schmid@openresearch.com> Subject: Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated Message-ID: <86siqpj4ge.fsf@srvbsdfenssv.interne.associated-bears.org> In-Reply-To: <531A5FBF.1000507@saltant.com> (John W. O'Brien's message of "Fri, 07 Mar 2014 19:09:35 -0500") References: <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org> <531A5FBF.1000507@saltant.com>
index | next in thread | previous in thread | raw e-mail
"John W. O'Brien" <john@saltant.com> writes: Hi John, > I haven't done the mind meld with "reverse" yet. > Could you comment on why you need to operate in a reversed NAT > environment? In this particular case, this is a test lab. The purpose of this kind of setup is the following : - administrator of the remote lan demands your endpoint to be seen as a unique ip address on his ipsec device. - subnet ranges on each side conflict, so one must be natted. > What is it that's being reversed, and how does that apply to your use > case? Packets from local lan to remote lan are natted on the internal interface of gateway1 (source address is translated to match the ipsec policy) Regards Érichome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86siqpj4ge.fsf>
