From owner-freebsd-ipfw Sun Jan 21 17:38:25 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 29C6F37B400 for ; Sun, 21 Jan 2001 17:38:08 -0800 (PST) Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sun, 21 Jan 2001 17:36:18 -0800 Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.0) id f0M1c9067590; Sun, 21 Jan 2001 17:38:09 -0800 (PST) (envelope-from cjc) Date: Sun, 21 Jan 2001 17:38:08 -0800 From: "Crist J. Clark" To: "Cambria, Mike" Cc: The Babbler , freebsd-ipfw@FreeBSD.ORG Subject: Re: IPSEC tunnelling Message-ID: <20010121173807.B10761@rfx-216-196-73-168.users.reflex> Reply-To: cjclark@alum.mit.edu References: <3A6D367EA1EFD4118C9B00A0C9DD99D7064AE8@rerun.lucentctc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <3A6D367EA1EFD4118C9B00A0C9DD99D7064AE8@rerun.lucentctc.com>; from mcambria@avaya.com on Sun, Jan 21, 2001 at 07:35:40PM -0500 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Jan 21, 2001 at 07:35:40PM -0500, Cambria, Mike wrote: > > FYI -- I'm doing it now. If you can read this it works with the following > high level setup: > > I'm using IPSec tunnel mode, with ESP, but no authentication. I'm also not > using AH. Tunnel mode is troublesome to mix with NAT. AH is impossible to run through NAT. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message