From: "Jim Thario"
Delivered-To: freebsd-questions@freebsd.org
Subject: natd + ipsec
Date: Sat, 2 Dec 2000 17:39:59 -0700

We have a network here with public and private subnets. The gateway from the private to public subnet runs natd. Recently we configured all nodes on the public subnet to converse using IPSEC transport mode. This also includes the gateway IP on the public subnet.

Since the addition of IPSEC we are unable to connect to machines on the public subnet from the private subnet. It seems as if the packets that are NAT'd through the gateway are bypassing IPSEC processing and, of course, the machines on the public subnet refuse to accept them.

Anyone else experience this?

Thanks in advance,
Jim