Date: Mon, 16 Oct 2000 09:58:22 -0400 (EDT)
From: "Bill O'Connell" <bill@springwoodsys.com>
To: Fabrizzio Batista <Fabrizzio.Batista@lojasobino.com.br>
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPSEC
Message-ID: <XFMail.001016095822.bill@springwoodsys.com>
In-Reply-To: <001f01c0376f$5d7dd8c0$65010180@lojasobino.com.br>

On 16-Oct-00 Fabrizzio Batista wrote:
> Bill wrote:
>
>> The SAD and SPD entries look OK. Are you running a firewall and/or
>> NAT on these systems? If so, how are they configured?
>>
>
> Yeah, I'm running ipfw and NAT. NAT breaks IPSEC ???
>
> How can I do to use NAT in my internal interface ? Is this the best
> solution ?
>
> Thanks in advance,
>
> Fabrizzio
>
>

If your ipfw rules divert packets to natd before ipsec sees them, then
that's the problem. You'd have to allow your VPN private addresses to pass
before they're diverted to natd, which presents potential security issues.
This is why it's probably not a good idea to have the same box be both a
firewall and an IPSec security gateway.

Bill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
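
The rule ordering described in the reply above, as an added example that is not part of the original message: a small Python check that finds the first ipfw rule matching tunnel-bound traffic and reports whether that rule is a divert to natd. The networks, interface name and rule numbers are constructed, and the matcher is a simplification that looks only at rule number and source/destination addresses (it ignores protocol and `via`).

```python
import ipaddress

# Constructed rulesets (not from the thread); networks and interface are assumed.
LOCAL_NET, REMOTE_NET = "192.168.1.0/24", "192.168.2.0/24"

NAT_FIRST = """\
add 50 divert natd all from any to any via ed0
add 60 allow ip from 192.168.1.0/24 to 192.168.2.0/24
add 65000 allow ip from any to any
"""

VPN_FIRST = """\
add 40 allow ip from 192.168.1.0/24 to 192.168.2.0/24
add 50 divert natd all from any to any via ed0
add 65000 allow ip from any to any
"""

def _covers(spec, net):
    """True if an ipfw address spec ('any' or CIDR) covers the whole network."""
    if spec == "any":
        return True
    return ipaddress.ip_network(net).subnet_of(ipaddress.ip_network(spec, strict=False))

def parse(ruleset):
    """Yield (number, action, src, dst) for each 'add N action ... from S to D' line."""
    for line in ruleset.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "add" or "from" not in tok or "to" not in tok:
            continue
        yield int(tok[1]), tok[2], tok[tok.index("from") + 1], tok[tok.index("to") + 1]

def first_match(ruleset, src_net, dst_net):
    """Return (number, action) of the lowest-numbered rule matching src_net -> dst_net."""
    for num, action, src, dst in sorted(parse(ruleset)):
        if _covers(src, src_net) and _covers(dst, dst_net):
            return num, action
    return None

def vpn_traffic_is_natted(ruleset, src_net=LOCAL_NET, dst_net=REMOTE_NET):
    """True when tunnel-bound traffic hits a divert rule before any rule passes it."""
    hit = first_match(ruleset, src_net, dst_net)
    return hit is not None and hit[1] == "divert"
```

In `VPN_FIRST` the pass rule names both private networks rather than `any`, which keeps the exception to the NAT path as narrow as the tunnel itself.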