Hi to all,
sorry for being a little bit OT, but maybe you could answer my
question :)
I have a customer that uses 192.168.0.0/24 on his LAN and is
protected by a firewall based on OpenBSD 3.6 with PF. He needs to
bring up an IPSEC tunnel to another entity with ISAKMPD and I am the
consultant that should make everything work.
This other entity already has a tunnel to another LAN that uses
192.168.0.0/24 and asks me to NAT in some way the private addresses
of my customer.
I tried to assign an IP address to the enc0 interface (and it works),
then I put a "nat on enc0 from $LAN to $ENTITY -> enc0" and it works,
but I need to bring up two flows, one for 192.168.0.0/24 and one for
192.168.13.0/24 (that is the address range I would like to use for
NAT), because if I bring up only the flow for 192.168.13/24, packets
coming from 192.168.0/24 would not be matched and would not pass
through enc0.
This is, practically, of no use except for experimental tests.
Does anyone have a good idea, or has anyone had the same problem?
TIA
Andrea