Date:      Thu, 27 Sep 2001 11:33:44 -0700 (PDT)
From:      eT <etdebruin@yahoo.com>
To:        freebsd-security@freebsd.org
Subject:   ipsec esp tunnel question
Message-ID:  <20010927183344.21604.qmail@web13305.mail.yahoo.com>

(please respond to: eTdeBruin@yahoo.com)

I managed to successfully set up an ESP tunnel between two FreeBSD
4.4 gateways.  Both gateways do NAT for the local IPs and both have
public legal Internet IPs (using racoon for key exchange).

I now have a problem with a new setup: one of the FreeBSD gateways
doesn't have a legal IP address anymore but is behind a NAT gateway.
After much thinking and configuring I am now ready to resign myself to the
fact that this just won't work.

Everything seems to work up until the first encapsulated packets are
sent from the legal IP gateway (B) to the gateway behind the NAT (A),
i.e. this gateway never receives the ESP packets.

A : (inside) 10.20.200.0/24
A :
A : (outside) a.a.a.a

     x.x.x.x


   ((Internet))


B : (outside) y.y.y.y
B : 
B : (inside) 192.168.3.0/24

So, a.a.a.a NATs to x.x.x.x

The question is, what IPs should be used for the SPDs and the
gifs?  Normally the tunnel would be a y.y.y.y-a.a.a.a tunnel, but
now I have the little NAT x.x.x.x address in between.

Thanks.

=====
Etienne de Bruin - eT@debruins.com
Life has many choices, eternity only two.
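For readers unfamiliar with the pieces the question refers to, here is the setkey(8) policy file for gateway B in the working, non-NAT case the poster describes, i.e. a plain y.y.y.y to a.a.a.a ESP tunnel. This is an added example, not configuration from the original message; it assumes racoon negotiates the SAs (so only SPD entries are needed) and that the gif(4) interface carries the same outer endpoints (gifconfig(8) on FreeBSD 4.x, with the inner LAN gateway addresses assigned via ifconfig(8)). Addresses are the poster's placeholders.

```conf
# Added example: /etc/ipsec.conf for gateway B (outer address y.y.y.y),
# loaded with "setkey -f /etc/ipsec.conf".  Gateway A's file is the mirror
# image with the two endpoints and the two networks swapped.
flush;
spdflush;

# Outbound: packets from B's LAN to A's LAN must leave inside an ESP tunnel
# whose outer header is y.y.y.y -> a.a.a.a; "require" refuses to send them
# in the clear if no SA exists yet (racoon is then asked to set one up).
spdadd 192.168.3.0/24 10.20.200.0/24 any -P out ipsec
        esp/tunnel/y.y.y.y-a.a.a.a/require;

# Inbound: packets from A's LAN to B's LAN must have arrived through the
# reverse tunnel a.a.a.a -> y.y.y.y; cleartext packets carrying these inner
# addresses are dropped, which is what stops a spoofed "LAN" packet from
# the Internet being accepted as tunnel traffic.
spdadd 10.20.200.0/24 192.168.3.0/24 any -P in ipsec
        esp/tunnel/a.a.a.a-y.y.y.y/require;
```

The NAT in the question changes one thing that this file takes for granted: the outer source address B observes on packets from A is x.x.x.x, not a.a.a.a, while A still sees itself as a.a.a.a, so the two sides no longer agree on the tunnel endpoints. ESP is IP protocol 50 and carries no port numbers, so the NAT device in front of A must also be able to map protocol 50 back to a.a.a.a for B's replies to reach A at all. The quickest way to see where packets stop is to run `tcpdump -n -i <outside-if> ip proto 50` on both gateways and on the NAT box if possible, and to compare `setkey -D` (negotiated SAs) and `setkey -DP` (installed policies) on each side; an SA that exists on B but not on A matches the symptom described above.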

