Date:      Mon, 10 Mar 2014 19:25:53 +0100
From:      Eric Masson <emss@free.fr>
To:        "John W. O'Brien" <john@saltant.com>
Cc:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>, Philipp Schmid <philipp.schmid@openresearch.com>
Subject:   Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated
Message-ID:  <86siqpj4ge.fsf@srvbsdfenssv.interne.associated-bears.org>
In-Reply-To: <531A5FBF.1000507@saltant.com> (John W. O'Brien's message of "Fri, 07 Mar 2014 19:09:35 -0500")
References:  <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org> <531A5FBF.1000507@saltant.com>

"John W. O'Brien" <john@saltant.com> writes:

Hi John,

> I haven't done the mind meld with "reverse" yet. 
> Could you comment on why you need to operate in a reversed NAT
> environment?

In this particular case, this is a test lab.
The purpose of this kind of setup is the following:
- administrator of the remote lan demands your endpoint to be seen as a
  unique ip address on his ipsec device.
- subnet ranges on each side conflict, so one must be natted.

> What is it that's being reversed, and how does that apply to your use
> case?

Packets from local lan to remote lan are natted on the internal
interface of gateway1 (source address is translated to match the ipsec
policy).

Regards

Éric


