Thanks! Actually, I only used the transport mode of IPsec here to protect the traffic between two hosts. I have 3 hosts, say A, B and C, and A cannot reach C. So I configure NAT on B, and define an rdr rule to redirect all the traffic destined for some port on B to C. Besides, I want the communication between A and B to be secured, so I chose IPsec transport mode. Now, once I configure IPsec, the rdr rules do not take effect. Do we have any other options to implement such a scenario (or other methods to encrypt the traffic between two hosts)? Because we will probably have hundreds of hosts like C belonging to different networks, we don't want to run hundreds of SSH processes to do remote port forwarding, or create hundreds of IPsec tunnels (VPN) between A and B for accessing different networks via B. Any help will be appreciated!

-----Original Message-----
From: Dan McDonald [mailto:[email protected]]
Sent: Tuesday, February 17, 2009 10:52 AM
To: Hao Wu
Cc: [email protected]
Subject: Re: [networking-discuss] NAT and IPsec, who is first in Solaris?

On Mon, Feb 16, 2009 at 06:40:31PM -0800, Hao Wu wrote:
> Does it means we could implement policy NAT including TCP/UDP port using
> IPsec NAT-traversal?

I don't think so. The PFHOOKS that ipfilter uses still occur after IPsec happens.

Sorry,
Dan

_______________________________________________
networking-discuss mailing list
[email protected]
