Date: Fri, 18 Oct 2002 17:31:43 +0200
From: Julien Bournelle <Julien.Bournelle@int-evry.fr>
To: freebsd-questions@freebsd.org
Subject: Re: IPSEC/NAT issues
Message-ID: <20021018153143.GD242@ipv6-5.int-evry.fr>
In-Reply-To: <C6304883FB11E347AD4958D3F14EC00AE893A2@ing.com>
References: <C6304883FB11E347AD4958D3F14EC00AE893A2@ing.com>

On Fri, Oct 18, 2002 at 04:54:33PM +0200, Danny.Carroll@mail.ing.nl wrote:
> I have often wondered about this..
> Surely there must be a way to do it.

Actually, I guess not, they're working on this problem at IETF. Maybe you
could look at this internet-draft:

draft-ietf-ipsec-nat-reqts-02.txt

Hope it helps,

julien.bournelle@int-evry.fr

>
> -D
>
> > -----Original Message-----
> > From: Thomas Spreng [mailto:spreng@insomniac.ch]
> > Sent: Friday, October 18, 2002 11:09 AM
> > To: Charles Henrich
> > Cc: freebsd-questions@freebsd.org
> > Subject: Re: IPSEC/NAT issues
> >
> >
> > On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
> > > I have a network/firewall where I want to nat an entire network. However, I
> > > also want nat traffic to one remote host in particular out on the internet to
> > > be IPsec'd as well.
> > >
> > > [A] (10.x) [B] (Nat) [C] (Real IP)
> > >
> > > I've set up IPsec on both machines, and from either machine (B,C) I can ssh to
> > > the other, with ipsec packets all happening happy as a clam. However if I try a
> > > connection from behind the nat box to the remote host (A,C) the key exchange
> > > works fine (between B&C), but then no data flows back and forth. Anyone have
> > > any suggestions on this? Thanks!
> > >
> > > -Crh
> >
> > hi charles,
> >
> > I'm not sure if I understand your problem right but just keep in mind that you
> > cannot make a NAT between an IPSec connection. This is because the address
> > translation rewrites the ip headers and the ipsec authentication header
> > prevents the packet from being altered.
> >
> > greets
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
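
Added example, not part of the thread: a sketch of the point in the quoted reply that the IPsec authentication header (AH) integrity check covers the IP addresses, so a NAT rewrite invalidates it while an ordinary router TTL decrement does not. It assumes HMAC-SHA1-96 as the AH algorithm and an option-less IPv4 header; the key, SPI, addresses and payload are constructed values.

```python
import hashlib
import hmac
import socket
import struct

def ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    """20-byte IPv4 header without options; proto 51 = AH. Checksum left 0 (mutable)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    """Zero the fields AH treats as mutable in transit before computing the ICV."""
    b = bytearray(hdr)
    b[1] = 0                 # TOS / DSCP
    b[6:8] = b"\x00\x00"     # flags + fragment offset
    b[8] = 0                 # TTL
    b[10:12] = b"\x00\x00"   # header checksum
    return bytes(b)          # source and destination addresses are left in place

def ah_header(spi, seq, next_hdr=6):
    """AH with a 12-byte ICV field zeroed; length field = 6 words - 2 = 4."""
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + b"\x00" * 12

def ah_icv(key, ip_hdr, spi, seq, payload):
    """ICV over immutable IP fields + AH (ICV zeroed) + upper-layer payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def nat_rewrite_source(ip_hdr, new_src):
    """What a NAT box does to the header: replace the source address."""
    return ip_hdr[:12] + socket.inet_aton(new_src) + ip_hdr[16:]

def ttl_decrement(ip_hdr):
    """What any router does: decrement TTL (a mutable field)."""
    b = bytearray(ip_hdr)
    b[8] -= 1
    return bytes(b)

def demo():
    key, spi, seq = b"constructed-demo-key", 0x1000, 1   # constructed values
    payload = b"constructed TCP segment bytes"
    sent = ipv4_header("10.0.0.5", "192.0.2.10", 24 + len(payload))
    icv = ah_icv(key, sent, spi, seq, payload)           # computed by the sender
    def verify(hdr):                                     # recomputed by the receiver
        return hmac.compare_digest(icv, ah_icv(key, hdr, spi, seq, payload))
    return {"routed_ok": verify(ttl_decrement(sent)),
            "natted_ok": verify(nat_rewrite_source(sent, "198.51.100.1"))}

if __name__ == "__main__":
    print(demo())
```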