Administrators wrote:
Hi,

I'm building VPN connected to CISCO device.

I NEED to translate my LAN adress to a given adress.

The VPN work well when I try doing
ifconfig em0 alias [EMAIL PROTECTED]
ping -S [EMAIL PROTECTED] dest_@

but I didn't manage to translate LAN adresse AND having VPN used.

I can pass throug VPN using actual adress but the CISCO endpoint drop it
or I translate, but packets didn't go in the VPN.

Any idea ?

IPSec does not work across NAT. The problem is authenticated headers which simply won't work because it assumes the ip header to be untouched.

If you have a natting box this will rewrite the source/destination ip which means that the recipient cannot verify the authencity of the packet.

You should be able to get things working without AH.

Cheers, Erik
--
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to