tcpdump and ipsec
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Apr 17 19:35:11 UTC 2006
On Thu, 13 Apr 2006, Kelly Yancey wrote:
> I'm curious: how are you performing NAT on your tunnelled traffic?
The answer is simple: do not NAT on the ipsec interface, though it's
not fully correct because I do even NAT traffic that goes like:
A ---- lan1(ipsec only) --- gw(NAT) --- lan2(ipsec only) ---- B
[ipsec only == esp and ike allowed]
So the better explanation perhaps is:
do not NAT on the ipsec interface of the outgoing direction.
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
More information about the freebsd-net mailing list