IPSec, nat on enc device
Eric Masson
emss at free.fr
Sun Nov 8 17:48:33 UTC 2009
Eric Masson <emss at free.fr> writes:
Hi Bjoern,
> Ok, I've never used ipfw so shot in the dark.
>
> If I had to nat 192.168.85.0/24 to 10.0.0.1 to access 192.168.201.0/24,
> I would have to set up the following:
>
> ipfw add divert natd all from 192.168.85.0/24 to 192.168.201.0/24 in
> natd -alias_address 10.0.0.1
> setkey -c << EOD
> spdadd 10.0.0.1/32 192.168.201.0/24 any -P out ipsec
> esp/tunnel/mygw-theirgw/require ;
> spdadd 192.168.201.0/24 10.0.0.1/32 any -P in ipsec
> esp/tunnel/theirgw-mygw/require ;
> EOD
>
> Does it seem reasonable, or am I missing something?
Seems I am missing something, as tests don't work at all.
Could you elaborate on incoming NAT & IPsec, please?
Regards
--
I received an e-mail about a sick little boy. I forwarded it to
everyone I knew. I'm told it's a trap for suckers.
Is that true? Am I really as stupid as my wife claims?
-+-C in GNU - The hardest part of marriage is getting out of it alive -+-
More information about the freebsd-net mailing list