Because (I assume) you have only one IP address, anything behind your gateway has to get NATed for it to be able to connect to the internet. A VPN connection (generally) has to run two ways, so doing it behind NAT will be problematic. The best thing to do is to apply for a routable IP address range (a /28 range will do for most networks) and route real IP via your gateway (make sure to firewall properly). If that's not possible, get them to assign extra IPs to you, of the same number as the amount of boxes you have doing VPN, then set up the addresses as aliases on your gateway and do static NAT. If your VPN solution has the ability to set the port it communicates on, you could also use port forwarding from the gateway to the machines, but that is problematic at the best of times.

If you *HAVE* routable IP ranges behind your NAT and you simply want them to bypass the NAT, the easiest way is to run natd with the -u switch. This will cause natd to only operate on unregistered (e.g., 10.0.0.0/8, 192.168.0.0/16) addresses.

Will

On Monday 10 February 2003 15:26, Pranas Baliuka wrote:
> Can someone explain to me how to avoid NAT for specific IP ranges?
> I have configured IPSec (racoon and setkey) VPN works with gateway
> (FreeBSD 4.6), but windows workstations are not able to use VPN
> connections. I guess there are collisions with NAT and IPSec, but I need
> NAT for accessing internet via my ISP.
>
> Thanks,
> Pranas Baliuka

--
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 51 522 44 36 (after hours)
+27 82 404 03 27 (mobile)
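
The two options in the reply above (static NAT per VPN box, and natd -u so routable ranges bypass NAT), modelled as an added example that is not part of the original thread and not natd's own code. It assumes the RFC 1918 ranges that natd(8) documents as "unregistered"; the interface name fxp0, all addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, the sources natd(8) documents as "unregistered".
# Python's ip.is_private is deliberately not used: it also matches
# link-local and documentation ranges, which natd -u leaves alone.
UNREGISTERED = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one VPN box given its own extra public address.
STATIC = {"192.168.0.10": "203.0.113.10"}


def is_unregistered(addr):
    """True if addr is a source address natd -u would translate."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in UNREGISTERED)


def outbound_treatment(src, static_map):
    """Model what happens to an outgoing packet from src under natd -u.

    Assumes every key of static_map is an unregistered local address.
    """
    if src in static_map:
        return "static NAT -> " + static_map[src]
    if is_unregistered(src):
        return "aliased to gateway address"
    return "routed unchanged"  # registered source: needs firewalling instead


def natd_conf(interface, static_map):
    """Render natd.conf lines for this plan (long option names, no dash)."""
    lines = ["interface " + interface, "unregistered_only yes"]
    for local, public in sorted(static_map.items()):
        if not is_unregistered(local):
            raise ValueError(local + " is registered; route it, do not NAT it")
        lines.append("redirect_address %s %s" % (local, public))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed hosts: VPN box, ordinary workstation, host in a routed /28.
    for host in ("192.168.0.10", "192.168.0.20", "198.51.100.18"):
        print(host, "=>", outbound_treatment(host, STATIC))
    print(natd_conf("fxp0", STATIC), end="")
```

Each public address used in a redirect_address line must also be configured as an alias on the gateway's external interface, as the reply says.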