NAT+IPSEC troubles

2006-09-11 Thread Administrators
Hi,

I'm building a VPN connected to a CISCO device.

I NEED to translate my LAN address to a given address.

The VPN works well when I try doing
ifconfig em0 alias [EMAIL PROTECTED]
ping -S [EMAIL PROTECTED] dest_@

but I didn't manage to translate the LAN address AND have the VPN used.

I can pass through the VPN using the actual address, but the CISCO endpoint drops it,
or I translate, but the packets don't go into the VPN.

Any idea?

Using 4.9-RELEASE-p4, ipf and ipnat

Hubert Adgié.
System Administrator.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: NAT+IPSEC troubles

2006-09-11 Thread Erik Norgaard

Administrators wrote:

> Hi,
>
> I'm building a VPN connected to a CISCO device.
>
> I NEED to translate my LAN address to a given address.
>
> The VPN works well when I try doing
> ifconfig em0 alias [EMAIL PROTECTED]
> ping -S [EMAIL PROTECTED] dest_@
>
> but I didn't manage to translate the LAN address AND have the VPN used.
>
> I can pass through the VPN using the actual address, but the CISCO endpoint drops it,
> or I translate, but the packets don't go into the VPN.
>
> Any idea?


IPSec does not work across NAT. The problem is the authentication header (AH),
which simply won't work because it assumes the IP header is untouched.

If you have a NATting box, it will rewrite the source/destination IP,
which means that the recipient cannot verify the authenticity of the packet.

You should be able to get things working without AH.

Cheers, Erik
--
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
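The reason Erik gives (AH covers the IP addresses, so a NAT rewrite invalidates the integrity check, while ESP's check covers only the payload and survives) can be shown with a small simulation. The code below is an added example, not part of the thread and not ipf/ipnat or the Cisco implementation: it builds a minimal IPv4 header, computes an AH-style integrity value over the header's immutable fields plus payload and an ESP-style value over the payload only, then passes the packet through a plain router hop (TTL decrement) and through a NAT box (source rewrite). Addresses, key and payload are constructed placeholders; the ICV is an HMAC-SHA256 truncated to 96 bits, which mirrors the shape of real IPsec ICVs but is not an exact RFC 4302/4303 encoding.

```python
import hashlib
import hmac
import socket
import struct

# Constructed demo key shared by both IPsec peers (not from the thread).
DEMO_KEY = b"constructed-demo-key"

# Minimal IPv4 header layout (no options), 20 bytes:
# ver/IHL, TOS, total length, ID, flags/frag, TTL, protocol, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"
IDX_TOS, IDX_FLAGS, IDX_TTL, IDX_CSUM, IDX_SRC = 1, 4, 5, 7, 8
IPPROTO_AH = 51


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header. The checksum is left at zero: it is a
    mutable field that AH excludes from the integrity check anyway."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def ah_immutable_view(ip_hdr):
    """AH authenticates the IP header with mutable fields zeroed (TOS,
    flags/fragment offset, TTL, checksum). Source and destination addresses
    are treated as immutable and are covered as they appear on the wire."""
    fields = list(struct.unpack(IPV4_FMT, ip_hdr))
    for idx in (IDX_TOS, IDX_FLAGS, IDX_TTL, IDX_CSUM):
        fields[idx] = 0
    return struct.pack(IPV4_FMT, *fields)


def ah_icv(ip_hdr, payload, key=DEMO_KEY):
    """AH-style integrity check value: HMAC over (immutable header view + payload)."""
    return hmac.new(key, ah_immutable_view(ip_hdr) + payload, hashlib.sha256).digest()[:12]


def esp_icv(payload, key=DEMO_KEY):
    """ESP-style integrity check value: HMAC over the ESP payload only;
    the outer IP header is not covered."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:12]


def ah_verify(ip_hdr, payload, icv, key=DEMO_KEY):
    return hmac.compare_digest(ah_icv(ip_hdr, payload, key), icv)


def esp_verify(payload, icv, key=DEMO_KEY):
    return hmac.compare_digest(esp_icv(payload, key), icv)


def router_hop(ip_hdr):
    """An ordinary forwarding hop: only the TTL changes (checksum ignored here)."""
    fields = list(struct.unpack(IPV4_FMT, ip_hdr))
    fields[IDX_TTL] -= 1
    return struct.pack(IPV4_FMT, *fields)


def nat_rewrite_source(ip_hdr, new_src):
    """What a NAT box such as ipnat does on the way out: rewrite the source
    address (and decrement TTL like any hop)."""
    fields = list(struct.unpack(IPV4_FMT, router_hop(ip_hdr)))
    fields[IDX_SRC] = socket.inet_aton(new_src)
    return struct.pack(IPV4_FMT, *fields)


def simulate(path):
    """Send one packet from a LAN host to the remote gateway over the given
    path ('direct', 'router' or 'nat'). Returns (ah_ok, esp_ok) as the
    receiver would judge the two integrity checks."""
    payload = b"constructed inner datagram"  # constructed sample payload
    hdr = build_ipv4_header("192.0.2.10", "198.51.100.1", IPPROTO_AH, len(payload))
    ah, esp = ah_icv(hdr, payload), esp_icv(payload)
    if path == "router":
        hdr = router_hop(hdr)
    elif path == "nat":
        hdr = nat_rewrite_source(hdr, "203.0.113.5")
    elif path != "direct":
        raise ValueError(path)
    return ah_verify(hdr, payload, ah), esp_verify(payload, esp)


if __name__ == "__main__":
    for p in ("direct", "router", "nat"):
        ah_ok, esp_ok = simulate(p)
        print(f"{p:7s} AH valid={ah_ok!s:5s} ESP valid={esp_ok}")
```

A plain hop leaves the AH check intact because TTL is one of the fields AH zeroes before hashing; the NAT rewrite does not, because the source address is covered. ESP's check never looked at the outer header, which is why dropping AH (as Erik suggests) is the usual way to get a NATted tunnel up; in practice NAT traversal also wraps ESP in UDP, but that is outside what this thread covers.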