Re: IPNAT with IPSEC (IPFilter forums, System Security and Security Related category)

On Wed, Jun 25, 2003 at 07:28:40PM +1000, Carl Morley wrote:
>
> Private IP    |   (A)    |     |          |     |   (B)    |   | Private IP
> subnets at----| FIREWALL |-----| INTERNET |-----| FIREWALL |---| subnet at
> company (A)   |          |     |          |     |          |   | company (B)
>
> Firewall (B) is expecting all IPSEC traffic to be coming from the public
> IP address on Firewall (A), as tunnelled private IP subnet
> 10.99.99.0/30.
>
> I am trying to NAT all the internal subnets at (A) to 10.99.99.1. But
> it does not seem to work whichever way I try.
>
> Questions:
>
> 1. On which interface should I alias the 10.99.99.1 IP on Firewall (A).
> Choices seem to be internal (fxp2), external (fxp1), loopback (lo0) or
> some gif0 combination. Any other suggestions?

alias? You mean NAT. NAT rewrites source addresses on outgoing interfaces.
This means that you should do IPSEC on a different system after the
ipfilter host.

-Guido