Date: Fri, 18 Oct 2002 16:54:33 +0200
From: <Danny.Carroll@mail.ing.nl>
To: <spreng@insomniac.ch>, <henrich@sigbus.com>
Cc: <freebsd-questions@freebsd.org>
Subject: RE: IPSEC/NAT issues
Message-ID: <C6304883FB11E347AD4958D3F14EC00AE893A2@ing.com>

I have often wondered about this.. Surely there must be a way to do it.

-D

> -----Original Message-----
> From: Thomas Spreng [mailto:spreng@insomniac.ch]
> Sent: Friday, October 18, 2002 11:09 AM
> To: Charles Henrich
> Cc: freebsd-questions@freebsd.org
> Subject: Re: IPSEC/NAT issues
>
>
> On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
> > I have a network/firewall where I want to nat an entire network. However, I
> > also want nat traffic to one remote host in particular out on the internet to
> > be IPsec'd as well.
> >
> > [A] (10.x) [B] (Nat) [C] (Real IP)
> >
> > I've set up IPsec on both machines, and from either machine (B,C) I can ssh to
> > the other, with ipsec packets all happening happy as a clam. However if I try a
> > connection from behind the nat box to the remote host (A,C) the key exchange
> > works fine (between B&C), but then no data flows back and forth. Anyone have
> > any suggestions on this? Thanks!
> >
> > -Crh
> Hi Charles,
>
> I'm not sure if I understand your problem right but just keep in mind that you
> cannot make a NAT between an IPSec connection. This is because the address
> translation rewrites the ip headers and the ipsec authentication header
> prevents the packet from being altered.
>
> greets
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
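
The quoted reply attributes the failure to address translation rewriting IP headers that the authentication header protects. As an added illustration (not part of the original thread), this Python sketch computes an AH-style integrity check value with HMAC-SHA1-96 over an IPv4 header whose mutable fields are zeroed, then shows that a router's TTL decrement still verifies while a NAT source rewrite does not. The key, SPI, addresses and payload are constructed sample values, and the helper names are hypothetical.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed SA key, for illustration only
# Fixed part of the AH header: next header=TCP, payload len, reserved, SPI, sequence
AH_FIXED = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1)

def checksum(data):
    """16-bit one's-complement checksum of a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def finish(hdr):
    """Recompute the header checksum after any field change."""
    hdr = hdr[:10] + b"\0\0" + hdr[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def ipv4_header(src, dst, ttl, payload_len):
    """20-byte IPv4 header, no options, protocol 51 (AH)."""
    return finish(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                              0, ttl, 51, 0,
                              socket.inet_aton(src), socket.inet_aton(dst)))

def ah_icv(ip_hdr, payload):
    """HMAC-SHA1-96 over the header (mutable fields zeroed), AH header and payload."""
    h = bytearray(ip_hdr)
    h[1] = 0              # TOS: may change in transit
    h[6:8] = b"\0\0"      # flags and fragment offset
    h[8] = 0              # TTL: decremented at every hop
    h[10:12] = b"\0\0"    # header checksum: recomputed at every hop
    data = bytes(h) + AH_FIXED + b"\0" * 12 + payload  # ICV field zeroed while hashing
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def verify(ip_hdr, icv, payload):
    return hmac.compare_digest(ah_icv(ip_hdr, payload), icv)

def router_forward(ip_hdr):
    """Ordinary hop: decrement TTL and fix the checksum."""
    return finish(ip_hdr[:8] + bytes([ip_hdr[8] - 1]) + ip_hdr[9:])

def nat_rewrite(ip_hdr, public_src):
    """NAT hop: replace the source address and fix the checksum."""
    return finish(ip_hdr[:12] + socket.inet_aton(public_src) + ip_hdr[16:])

PAYLOAD = b"constructed TCP segment"
SENT = ipv4_header("10.0.0.5", "203.0.113.10", 64, 24 + len(PAYLOAD))
ICV = ah_icv(SENT, PAYLOAD)

if __name__ == "__main__":
    print("unmodified:         ", verify(SENT, ICV, PAYLOAD))
    print("after TTL decrement:", verify(router_forward(SENT), ICV, PAYLOAD))
    print("after NAT rewrite:  ", verify(nat_rewrite(SENT, "198.51.100.1"), ICV, PAYLOAD))
```

The source and destination addresses are covered by the ICV because they are not among the fields zeroed before hashing, which is why the receiver rejects the translated packet.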
