On Fri, Oct 18, 2002 at 04:54:33PM +0200, [EMAIL PROTECTED] wrote:
I have often wondered about this..
Surely there must be a way to do it.
Actually, I guess not, they're working on this problem at IETF. Maybe you
could look at this internet-draft:
draft-ietf-ipsec-nat-reqts-02.txt
Hope it helps,
[EMAIL PROTECTED]
-D
-----Original Message-----
From: Thomas Spreng [mailto:spreng;insomniac.ch]
Sent: Friday, October 18, 2002 11:09 AM
To: Charles Henrich
Cc: [EMAIL PROTECTED]
Subject: Re: IPSEC/NAT issues
On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
I have a network/firewall where I want to nat an entire network. However, I
also want nat traffic to one remote host in particular out on the internet
to be IPsec'd as well.
[A] (10.x) [B] (Nat) [C] (Real IP)
I've set up IPsec on both machines, and from either machine (B,C) I can ssh
to the other, with ipsec packets all happening happy as a clam. However if I
try a connection from behind the nat box to the remote host (A,C) the key
exchange works fine (between BC), but then no data flows back and forth.
Anyone have any suggestions on this? Thanks!
-Crh
Hi Charles,
I'm not sure if I understand your problem right but just keep in mind that
you cannot make a NAT between an IPSec connection. This is because the
address translation rewrites the IP headers and the IPsec authentication
header prevents the packet from being altered.
greets
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
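The point made in the quoted reply (address translation rewrites the IP header, which the IPsec Authentication Header protects), as an added example that is not part of the original thread. It assumes AH in transport mode with HMAC-SHA1-96 applied on host A before the NAT box; the key, SPI, addresses and payload are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed SA key, not from the thread
IP_FMT = "!BBHHHBBH4s4s"        # 20-byte IPv4 header without options

def ipv4_header(src, dst, ttl=64):
    """Pack an IPv4 header carrying AH (protocol 51); checksum left at 0."""
    return struct.pack(IP_FMT, 0x45, 0, 0, 0x1234, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields AH treats as mutable: TOS, flags/offset, TTL, checksum."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    return struct.pack(IP_FMT, *f)

def ah_icv(ip_hdr, spi, seq, payload):
    """ICV over immutable IP fields, the AH header with zeroed ICV, and payload."""
    ah_zeroed = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    mac = hmac.new(KEY, zero_mutable(ip_hdr) + ah_zeroed + payload, hashlib.sha1)
    return mac.digest()[:12]    # HMAC-SHA1-96 truncation

def forward(ip_hdr, nat_src=None):
    """One hop: decrement TTL; a NAT hop also replaces the source address."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[5] -= 1
    if nat_src is not None:
        f[8] = socket.inet_aton(nat_src)
    return struct.pack(IP_FMT, *f)

def receiver_accepts(ip_hdr, spi, seq, payload, icv):
    """Host C recomputes the ICV from the header it actually received."""
    return hmac.compare_digest(ah_icv(ip_hdr, spi, seq, payload), icv)

def demo():
    payload = b"constructed TCP segment"
    sent = ipv4_header("10.0.0.5", "198.51.100.7")     # A -> C (constructed)
    icv = ah_icv(sent, 0x1000, 1, payload)
    routed = forward(sent)                             # plain router hop
    natted = forward(sent, nat_src="203.0.113.1")      # NAT box B
    return (receiver_accepts(routed, 0x1000, 1, payload, icv),
            receiver_accepts(natted, 0x1000, 1, payload, icv))

if __name__ == "__main__":
    print(demo())
```

The plain router hop still verifies because TTL is excluded from the ICV, while the NAT hop fails because the source address is covered by it.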