From owner-freebsd-pf@FreeBSD.ORG  Wed Aug  3 12:03:16 2011
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 93ECD1065674
	for <freebsd-pf@freebsd.org>; Wed,  3 Aug 2011 12:03:16 +0000 (UTC)
	(envelope-from zeus@relay.ibs.dn.ua)
Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25])
	by mx1.freebsd.org (Postfix) with ESMTP id 0E2078FC13
	for <freebsd-pf@freebsd.org>; Wed,  3 Aug 2011 12:03:15 +0000 (UTC)
Received: from relay.ibs.dn.ua (localhost [127.0.0.1]) 
	by relay.ibs.dn.ua with ESMTP id p73BnhTx006924
	for <freebsd-pf@freebsd.org>; Wed, 3 Aug 2011 14:49:43 +0300 (EEST)
Received: (from zeus@localhost)
	by relay.ibs.dn.ua (8.14.4/8.14.4/Submit) id p73BnhRa006923
	for freebsd-pf@freebsd.org; Wed, 3 Aug 2011 14:49:43 +0300 (EEST)
Date: Wed, 3 Aug 2011 14:49:43 +0300
From: Zeus V Panchenko <zeus@ibs.dn.ua>
To: freebsd-pf@freebsd.org
Message-ID: <20110803114943.GC98303@relay.ibs.dn.ua>
Mail-Followup-To: freebsd-pf@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
X-Operating-System: FreeBSD 8.1-RELEASE
X-Editor: GNU Emacs 23.2.1
X-Face: iVBORw0KGgoAAAANSUhEUgAAACoAAAAqBAMAAAA37dRoAAAAFVBMVEWjjoiZhHDWzcZuW1U
	wOT+RcGxziJxEN0lIAAABrklEQVQokV2STXLbMAyFQaraE3a5dzSTfR1IF7CQrM3QuECn9z9DH0
	gxzgSyFvr88PBD0uJxoR6BE+e8LtRgohE5ZB50sODP/REbfUnte/z12+llCekLUSKenFIMke6Be
	WinE8H0RJHSN71rUQp64gFDmtDDhRk0zam3FzpNVFprhwPGaFo6oY9wDBJQ9Qz6EuKyROJjDGa+
	uza4VOTa8iHlN58Yv5BF9+4BGl0LA5pUD5xKXg4aQlVZm0co3NKxCGxQpu3aC352Gv3DZONmwQd
	tkrlaylV3YSew7bWtwAZF/zi9jblmprPoL7ktzeFSxmarVNmWRi+Bmxg7Y7tbGtR8XZUxLTo86G
	thANsssetjp3POuBvMBRlw6jRa5pKN7yVlP+F2lyiZGSMf5hnSU6eAVupmtfjRcxy0momwpxDnz
	06hwnOWvBnUdR8U2/KX7cq26u1Jy5xFZMPOVONRbRUrwey8Qar6cWgf12xSymQuVX0DfYd4R8kN
	Hg0qCtLeaYZcj8B90M2N0cEX1P0vKSxw7NLy/3X8Qeriusu66jNA37P4Mn5QRTG2hz4d9D/6E3a
	EX852nwAAAABJRU5ErkJggg==
Subject: can pf `nat before vpn'?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: zeus@ibs.dn.ua
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2011 12:03:16 -0000

Hi,

may somebody clarify, pls:

can pf do `nat before vpn' to make it is possible for LAN to access
networks behind the Cisco ipsec over single ipsec tunnel ip?

i talk about RELENG_8

-- 
Zeus V. Panchenko
JID:zeus@gnu.org.ua			      	        GMT+2 (EET)