Date:      Thu, 14 Jun 2012 13:21:56 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Eugene Grosbein <egrosbein@rdtc.ru>
Cc:        "net@freebsd.org" <net@freebsd.org>
Subject:   Re: ip_output: NAT then IPSEC
Message-ID:  <CAHu1Y729B-nRw2Y8zp8Jj8YfxuC71aFF5Eus5nYJ-F3u9EX10g@mail.gmail.com>
In-Reply-To: <4FDA1483.4090207@rdtc.ru>
References:  <4FDA1483.4090207@rdtc.ru>

On Thu, Jun 14, 2012 at 9:42 AM, Eugene Grosbein <egrosbein@rdtc.ru> wrote:

> How do I make FreeBSD 8-based router/NAT/security gateway
> first perform NAT for outgoing packets then apply IPSEC transport mode
> for plain TCP traffic?

Forgive me, but I have to ask - why?

IPsec implies pairwise association, and relies on a tunnel - which
means that each side knows both tunnel endpoints and both internal
networks.  What do you hope to accomplish with NAT?

- M


