Hi everyone,

I'm having some issues with an ipsec connection with vpnc (isakmp is
not an option, since it does not support xauth, and I don't control the
other end) from an OpenBSD firewall/router to a Cisco device.

I think problems could be natt related so I would like to eliminate
nat from the equation, but the problem is that the "outside" interface
is a private address. This firewall routes between a DMZ (public /29),
a LAN segment (private /24), and the outside (private /30).


------ LAN ------- OpenBSD ------ 10.90.0.0/30 --- Outside Router ------ INET
                         |
                         |
                     DMZ (public /29)

Right now, I need to NAT on the Outside Router, since internet routed
packets from the OpenBSD box go out with a private address.

What I would like to achieve is that packets destined to internet get
sourced with DMZ's interface, which is internet routable, and without
pf tricks (I don't want NAT, remember).

Bridging is not an option, since the Outside router needs its own IP
for its own purposes.

I don't know if it's possible. If it is, please let me know (pointing to a
man page would be OK).

Thanks in advance
