Hi everyone, I'm having some issues with an ipsec connection with vpnc (isakmp is not an option, since it does not support xauth, and I don't control the other end) from an OpenBSD firewall/router to a Cisco device.
I think the problems could be NAT-T related, so I would like to eliminate NAT from the equation, but the problem is that the "outside" interface is a private address. This firewall routes between a DMZ (public /29), a LAN segment (private /24), and the outside (private /30).

------ LAN ------- OpenBSD ------ 10.90.0.0/30 --- Outside Router ------ INET
                      |
                      |
               DMZ (public /29)

Right now, I need to NAT on the Outside Router, since internet routed packets from the OpenBSD box go out with a private address. What I would like to achieve is that packets destined to internet get sourced with DMZ's interface, which is internet routable, and without pf tricks (I don't want NAT, remember). Bridging is not an option, since the Outside router needs its own IP for its own purposes.

I don't know if it's possible. If it is, please let me know (pointing to a man page would be OK).

Thanks in advance.