Date: Thu, 27 Sep 2001 11:33:44 -0700 (PDT)
From: eT <etdebruin@yahoo.com>
To: freebsd-security@freebsd.org
Subject: ipsec esp tunnel question
Message-ID: <20010927183344.21604.qmail@web13305.mail.yahoo.com>

(please respond to: eTdeBruin@yahoo.com)

I managed to successfully set up an esp tunnel between two FreeBSD 4.4 gateways. (Both gateways do NAT for the local IPs and both have public legal Internet IPs, using racoon for key exchange.)

I now have a problem with a new setup: one of the FreeBSD gateways doesn't have a legal IP address anymore but is behind a NAT gateway. After much thinking and configuring I am now ready to resign myself to the fact that this just won't work.

Everything seems to work up until the first encapsulated packets are sent from the legal IP gateway (B) to the gateway behind the NAT (A), i.e. this gateway never receives the esp packets.

    A : (inside) 10.20.200.0/24
    A :
    A : (outside) a.a.a.a
          x.x.x.x
       ((Internet))
    B : (outside) y.y.y.y
    B :
    B : (inside) 192.168.3.0/24

So, a.a.a.a NATs to x.x.x.x

The question is, what IPs should be used for the SPDs and the gifs? Normally the tunnel would be a y.y.y.y-a.a.a.a tunnel, but now I have the little NAT x.x.x.x address in between.

Thanks.

=====
Etienne de Bruin - eT@debruins.com
Life has many choices, eternity only two.