RE: IPSec VPN & NATD (problem with alias_address vs redirect_address)

From: Thomas S. Crum (tscrum_at_1wisp.com)
Date: 11/13/03

  • Next message: Crist J. Clark: "Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)"
    To: "'Vincent Goupil'" <vgoupil@alis.com>, <freebsd-ipfw@freebsd.org>, <freebsd-net@freebsd.org>, <freebsd-isp@freebsd.org>
    Date: Thu, 13 Nov 2003 15:23:47 -0500
    
    

    It's my understanding that certain IPSEC does not encrypt the entire
    packet, leaving the header to be mangled by nat or whatever and refused
    by the IPSEC machine that you are connecting to. I believe therein your
    problem lies.

    Best,

    Tom

    -----Original Message-----
    From: owner-freebsd-ipfw@freebsd.org
    [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of Vincent Goupil
    Sent: Thursday, November 13, 2003 12:46 PM
    To: 'freebsd-ipfw@freebsd.org'; 'freebsd-net@freebsd.org';
    'freebsd-isp@freebsd.org'
    Subject: IPSec VPN & NATD (problem with alias_address vs
    redirect_address)

    I set up a firewall with ipfw2 and natd on FreeBSD 4.9 release.

    I have mapped my subnet with alias_address.
    I have mapped 4 private IP addresses with 4 public IP addresses.

    Everything is working fine (web, email, ftp, etc.) for outgoing and
    incoming connections for anyone on my network.

    With this configuration, 5 people at a time (on my network) could dial
    to the same VPN server:
    4 with different IPs and the one with the alias_address. I supposed that
    only one person at a time can use the alias_address with the IPSec VPN
    (I think, tell me if I'm wrong).

    I have authorized AH and ESP to pass through my firewall.
    Also incoming UDP 500

    I'm able to use the VPN for the people mapped with alias_address.
    I can't use the VPN with the people using the redirect_address.

    Is there any problem with the redirect_address directive with natd for
    the protocol 51 and 51?

    Is there any other way to have these 5 people at the same time
    communicate to the same VPN server?
    I thought that I could use the redirect_address to do that, so the
    incoming connections to the VPN server appear from a different IP source
    address.

    Vincent Goupil
    Administrateur réseau / Network administrator
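
Added example, not part of either message or of natd/FreeBSD code: a sketch of why an AH (protocol 51) packet is refused after any source-address rewrite, whether by alias_address or redirect_address, while an ordinary TTL decrement is tolerated. The key, addresses, SPI and the choice of HMAC-SHA1-96 as authenticator are constructed assumptions, and the helper names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-sa-key"  # constructed; stands in for the negotiated SA key

def ipv4_header(src, dst, ttl, payload_len):
    """20-byte IPv4 header carrying AH (protocol 51); checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 24 + payload_len, 0x1234,
                       0, ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(ip_hdr, ah_fixed, payload, key=KEY):
    """ICV as AH computes it: mutable IPv4 fields zeroed, addresses included."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags and fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    data = bytes(h) + ah_fixed + b"\x00" * 12 + payload  # ICV field zeroed
    return hmac.new(key, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def send(src, dst, payload, spi=0x1000, seq=1):
    """Sender side: returns (ip_hdr, ah_fixed, icv, payload)."""
    ip_hdr = ipv4_header(src, dst, 64, len(payload))
    # next header = TCP (6), AH length field = 4, reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, spi, seq)
    return ip_hdr, ah_fixed, ah_icv(ip_hdr, ah_fixed, payload), payload

def router_hop(ip_hdr):
    """Ordinary forwarding: decrement TTL, a field AH treats as mutable."""
    h = bytearray(ip_hdr)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(ip_hdr, public_src):
    """Address translation on an outbound packet: replace the source address."""
    return ip_hdr[:12] + socket.inet_aton(public_src) + ip_hdr[16:]

def receiver_accepts(ip_hdr, ah_fixed, icv, payload):
    """Receiver recomputes the ICV over the header it actually received."""
    return hmac.compare_digest(ah_icv(ip_hdr, ah_fixed, payload), icv)

if __name__ == "__main__":
    hdr, ah, icv, data = send("10.0.0.5", "198.51.100.10", b"constructed payload")
    print("after router hop: ", receiver_accepts(router_hop(hdr), ah, icv, data))
    print("after NAT rewrite:", receiver_accepts(
        nat_rewrite_source(hdr, "192.0.2.21"), ah, icv, data))
```
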

