[Openswan Users] Help:IPsec behind firewall and NAT
swcims
swcims at 163.com
Mon Aug 30 14:19:46 CEST 2004
usersHi,All
I am using super-fs1.99.8 on linux with iptables enabled,and this linux box is behind a nat device.The other vpn peer has the same topology:
192.168.1.0/24 LAN
|
--------------
| 192.168.1.1 |
(Linux with super-fs and iptables)
| 101.0.0.1 |
---------------
|
------------
|101.0.0.2 | (NAT device11)
|200.0.0.2 |
-----------
|
INTERNET
|
|
-----------
| 300.0.0.2 | (NAT device2)
| 100.0.0.2 |
------------
|
--------------
| 100.0.0.1 | (winxp ipsec )
| 10.0.0.1 |
--------------
|
|
10.0.0.0/24 LAN
I have excluded NAT MASQ for 192.168.1.0/24 by using iptables' POSTROUTING command.And I enabled "nat_traversal=yes" in super-fs.So would it be sufficent to set up ipsec tunnel successfully?
Any suggestion will be highly appreciated!
Best Regards
swcims
swcims at 163.com
2004-08-30
More information about the Users
mailing list