Date: Mon, 17 Apr 2006 19:34:11 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Kelly Yancey <kbyanc@posi.net>
Cc: freebsd-net@freebsd.org
Subject: Re: tcpdump and ipsec
Message-ID: <20060417192638.U13011@maildrop.int.zabbadoz.net>
In-Reply-To: <20060413155210.R73176@gateway.posi.net>
References: <442D8E98.6050903@vineyard.net> <20060331222813.GA29047@zen.inc> <20060331223613.GD80492@spc.org> <20060402130227.G99958@atlantis.atlantis.dp.ua> <20060402113516.D76259@maildrop.int.zabbadoz.net> <20060402151039.R51461@atlantis.atlantis.dp.ua> <20060411153224.L55107@gateway.posi.net> <20060411213528.F13011@maildrop.int.zabbadoz.net> <20060413155210.R73176@gateway.posi.net>

On Thu, 13 Apr 2006, Kelly Yancey wrote:

> I'm curious: how are you performing NAT on your tunnelled traffic?

the answer is simple: do not NAT on the ipsec interface

though it's not fully correct because I do even NAT traffic that goes
like:

A ---- lan1(ipsec only) --- gw(NAT) --- lan2(ipsec only) ---- B

[ipsec only == esp and ike allowed]

so the better explanation perhaps is: do not nat on the ipsec interface
of the outgoing direction.

--
Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT