From owner-freebsd-security@FreeBSD.ORG Mon May 16 02:41:19 2005
Message-ID: <001001c559c0$bb190860$3201a8c0@craigrm>
From: "Coreix Systems"
Date: Mon, 16 May 2005 10:41:09 +0800
Organization: Coreix Systems
Subject: Configure a FreeBSD firewall to pass IPSec?
List-Id: Security issues [members-only posting]

Greg White,

I have noted your comment on some documentation found on the web, "I have successfully (and repeatedly) used Nortel VPN client on a NATed host through a FreeBSD gateway."

Currently I have the same problem with a Nortel BCM running M$ Windows VPN; the BCM sits behind a FreeBSD Firewall / NATD.

---- Network ----

ADSL Modem
|
FreeBSD Server / Gateway / HTTP etc.
| 192.168.2.242
| 192.168.1.1
Nortel BCM LAN

-----------------------------------------------------------------

Can you please provide me with any help (documentation) as to how you were able to successfully get IPSec forwarding through the NAT'ed BSD server without breaking IPSEC_AH?

Thanks

Craigrm