Re: IPSEC/NAT issues

2002-10-18 Thread Julien Bournelle
On Fri, Oct 18, 2002 at 04:54:33PM +0200, [EMAIL PROTECTED] wrote:
 I have often wondered about this..
 Surely there must be a way to do it.

Actually, I guess not, they're working on this problem at IETF. Maybe you
could look at this internet-draft:

draft-ietf-ipsec-nat-reqts-02.txt

Hope it helps,

[EMAIL PROTECTED]

 
 -D
 
  -Original Message-
  From: Thomas Spreng [mailto:spreng;insomniac.ch]
  Sent: Friday, October 18, 2002 11:09 AM
  To: Charles Henrich
  Cc: [EMAIL PROTECTED]
  Subject: Re: IPSEC/NAT issues
  
  
  On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
   I have a network/firewall where I want to nat an entire network.  However, I
   also want nat traffic to one remote host in particular out on the internet to
   be IPsec'd as well.
   
   [A] (10.x) [B] (Nat) [C] (Real IP)
   
   I've setup IPsec on both machines, and from either machine (B,C) I can ssh to
   the other, with ipsec packets all happening happy as a clam.  However if I try a
   connection from behind the nat box to the remote host (A,C) the key exchange
   works fine (between BC), but then no data flows back and forth.  Anyone have
   any suggestions on this?  Thanks!
   
   -Crh
  hi charles,
  
  I'm not sure if I understand your problem right but just keep in mind that you
  cannot make a NAT between an IPSec connection. This is because the address
  translation rewrites the ip headers and the ipsec authentication header
  prevents the packet from being altered.
  
  greets
  
  To Unsubscribe: send mail to [EMAIL PROTECTED]
  with unsubscribe freebsd-questions in the body of the message
  
 

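As an added illustration of Thomas's point (this is constructed example code, not anything from the thread), the Python below computes an AH integrity check value the way RFC 4302 specifies, with the mutable IP header fields zeroed, and then shows that a router's TTL decrement still verifies while a NAT rewrite of the source address does not. The key, SPI, addresses and payload are constructed values; the TCP payload is a placeholder.

```python
import hmac
import hashlib
import socket
import struct

# Constructed demo key; a real SA would negotiate this via IKE.
AH_KEY = b"constructed-demo-ah-key"

def ipv4_header(src, dst, total_len, ttl=64):
    """Minimal 20-byte IPv4 header carrying AH (protocol 51); checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields RFC 4302 treats as mutable (TOS, flags/offset, TTL,
    checksum). Source and destination addresses are immutable and stay in."""
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def ah_header(spi, seq, icv=b"\0" * 12):
    # next header = 6 (TCP), payload len = 4 (24-byte AH in 32-bit words minus 2)
    return struct.pack("!BBHII", 6, 4, 0, spi, seq) + icv

def compute_icv(ip_hdr, spi, seq, payload):
    """HMAC-SHA1-96 over immutable IP header + AH (ICV zeroed) + payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(AH_KEY, data, hashlib.sha1).digest()[:12]

def build_packet(src, dst, spi, seq, payload):
    ip = ipv4_header(src, dst, 20 + 24 + len(payload))
    return ip + ah_header(spi, seq, compute_icv(ip, spi, seq, payload)) + payload

def verify_packet(pkt):
    ip, ah, payload = pkt[:20], pkt[20:44], pkt[44:]
    _, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(compute_icv(ip, spi, seq, payload), ah[12:])

def router_hop(pkt):
    """A plain router decrements TTL, a mutable field: the ICV still verifies."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]

def nat_rewrite_src(pkt, new_src):
    """The NAT box [B] rewrites the source address, which AH covers."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

def demo():
    pkt = build_packet("10.0.0.5", "198.51.100.7", 0x100, 1, b"hello from A")
    return (verify_packet(pkt), verify_packet(router_hop(pkt)),
            verify_packet(nat_rewrite_src(pkt, "203.0.113.2")))
```

`demo()` returns `(True, True, False)`: the original and the TTL-decremented packet pass the receiver's ICV check, the NAT-translated one is dropped, which is exactly the "key exchange works but no data flows" symptom above.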



IPSEC/NAT issues

2002-10-17 Thread Charles Henrich
I have a network/firewall where I want to nat an entire network.  However, I
also want nat traffic to one remote host in particular out on the internet to
be IPsec'd as well.

[A] (10.x) [B] (Nat) [C] (Real IP)

I've setup IPsec on both machines, and from either machine (B,C) I can ssh to
the other, with ipsec packets all happening happy as a clam.  However if I try a
connection from behind the nat box to the remote host (A,C) the key exchange
works fine (between BC), but then no data flows back and forth.  Anyone have
any suggestions on this?  Thanks!

-Crh

   Charles Henrich   [EMAIL PROTECTED]

http://www.sigbus.com/~henrich
