From owner-freebsd-questions@FreeBSD.ORG  Tue May 27 08:15:04 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 32E7A37B401
	for <questions@freebsd.org>; Tue, 27 May 2003 08:15:04 -0700 (PDT)
Received: from diana.northnetworks.ca (att-ws20.switchview.com [216.13.70.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C8ED343F75
	for <questions@freebsd.org>; Tue, 27 May 2003 08:15:02 -0700 (PDT)
	(envelope-from iaccounts@northnetworks.ca)
Received: from diana.northnetworks.ca (localhost.northnetworks.ca [127.0.0.1])
	h4RFEuDI030245;	Tue, 27 May 2003 11:14:56 -0400 (EDT)
	(envelope-from iaccounts@northnetworks.ca)
Received: from localhost (iaccounts@localhost)h4RFEtrh030242;
	Tue, 27 May 2003 11:14:55 -0400 (EDT)
X-Authentication-Warning: diana.northnetworks.ca: iaccounts owned process
	doing -bs
Date: Tue, 27 May 2003 11:14:55 -0400 (EDT)
From: Steve Bertrand <iaccounts@northnetworks.ca>
To: "H.Wade Minter" <minter@lunenburg.org>
In-Reply-To: <022A3DDE-8D82-11D7-8241-000393C3212A@lunenburg.org>
Message-ID: <20030527111327.W28747@diana.northnetworks.ca>
References: <022A3DDE-8D82-11D7-8241-000393C3212A@lunenburg.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: questions@freebsd.org
Subject: Re: IPSec Pass-thru?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2003 15:15:04 -0000

> I've got a FreeBSD RELENG_4 firewall/NAT box on my home network.  I
> need to use a Cisco Pix VPN client from within the NAT'd network,
> through the FreeBSD box, out to the corporate gateway.
>
> Can any of the FreeBSD firewalls (ipfw/ipf/etc) allow this pass-thru?
> Or do I need to look at a Linksys appliance or something else?

You should be able to do simple redirect_port with 'esp' and 'ah' (check
/etc/services for port numbers) and port 500 for IKE through natd.

Haven't tried it personally, but I can't see why it won't work.

Steve

>
> Thanks,
> Wade
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>