From owner-freebsd-net Tue Jan 2 6:54:22 2001 From owner-freebsd-net@FreeBSD.ORG Tue Jan 2 06:54:20 2001 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from rerun.lucentctc.com (rerun.lucentctc.com [199.93.237.2]) by hub.freebsd.org (Postfix) with ESMTP id 0A22337B400 for ; Tue, 2 Jan 2001 06:54:20 -0800 (PST) Received: by rerun.lucentctc.com with Internet Mail Service (5.5.2650.21) id ; Tue, 2 Jan 2001 09:51:21 -0500 Message-ID: <443F9E4C6D67D4118C9800A0C9DD99D710823A@rerun.lucentctc.com> From: "Cambria, Mike" To: 'Blaz Zupan' , "Michael C. Cambria" Cc: freebsd-net@FreeBSD.ORG Subject: RE: natd not translating ESP packets Date: Tue, 2 Jan 2001 09:51:20 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Updating my ipfw/natd system to 4.2-Release worked. MikeC -----Original Message----- From: Blaz Zupan [mailto:blaz@amis.net] Sent: Friday, December 29, 2000 11:18 AM To: Michael C. Cambria Cc: freebsd-net@FreeBSD.ORG Subject: Re: natd not translating ESP packets > > IPSec and NAT don't play together > > I've set other pepole up (granted with comercial products) to do this very > thing just fine. > > I'm not using AH, just ESP, so nat'ing the IP address of the outer header > will not break anything. Ok, let me rephrase it. IPSec and NAT don't play together on FreeBSD. natd does not know how to masqeurade ESP packets. Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message