Administrators wrote:
Hi,
I'm building VPN connected to CISCO device.
I NEED to translate my LAN adress to a given adress.
The VPN work well when I try doing
ifconfig em0 alias [EMAIL PROTECTED]
ping -S [EMAIL PROTECTED] dest_@
but I didn't manage to translate LAN adresse AND having VPN used.
I can pass throug VPN using actual adress but the CISCO endpoint drop it
or I translate, but packets didn't go in the VPN.
Any idea ?
IPSec does not work across NAT. The problem is authenticated headers
which simply won't work because it assumes the ip header to be untouched.
If you have a natting box this will rewrite the source/destination ip
which means that the recipient cannot verify the authencity of the packet.
You should be able to get things working without AH.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
