<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 85.05pt 70.85pt 85.05pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=ES link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi people<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face="Courier New"><span
lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'>I'm using
Openswan IPsec on Linux servers that are firewalls/gateways for small local
networks.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'> My
network is <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>LAN
(192.168.1.0) ----&gt; VPNGW1/FIREWALL (internal: 192.168.1.1 external: myPublicIP)
----&gt; INTERNET ----&gt; VPNGW2 (extPublicIP) ----&gt; HOST(publicDest).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>And my configuration is this:<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>conn vnpwg1-vpngw2<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
auth=esp<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
authby=secret<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
esp=3des-sha1,3des-sha1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
ike=3des-sha1,3des-sha1<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
keyexchange=ike<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
keyingtries=5<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
left=myPublicIP<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
leftsubnet=192.168.1.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
pfs=yes<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
right=extPublicIP<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:70.8pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>
rightsubnet=publicDest/32<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>If I use this
configuration, I can't ping publicDest from any machine on my LAN. My firewall is
set to allow all traffic and NAT traffic from my LAN, like this:<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -P INPUT ACCEPT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -P OUTPUT ACCEPT<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -P FORWARD DROP<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -A
INPUT -j LOG --log-level DEBUG --log-prefix "INPUT:"<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -A OUTPUT
-j LOG --log-level DEBUG --log-prefix "OUTPUT:"<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -A
FORWARD -j LOG --log-level DEBUG --log-prefix "FORWARD:"<o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>iptables -t nat -A
POSTROUTING -o eth0 -j SNAT --to-source myPublicIP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'> <o:p></o:p></span></font></p>
<p class=MsoNormal style='text-indent:35.4pt'><font size=2 face=Arial><span
lang=EN-US style='font-size:10.0pt;font-family:Arial'>But pinging publicDest
from my private LAN does not work. Any idea?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Best regards.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Cristian<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'><o:p> </o:p></span></font></p>
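<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>Added example, not part of the original message and not Openswan code: a small Python check run over the conn and the relevant iptables rules posted above, listing reasons why LAN traffic to rightsubnet would not reach the tunnel. The addresses are constructed stand-ins for myPublicIP and publicDest, the function names are hypothetical, and the SNAT finding assumes the NETKEY (kernel XFRM) stack.</span></font></p>
<pre>
```python
import ipaddress
import shlex

# Constructed stand-ins for the post's placeholders (documentation address ranges).
MY_PUBLIC_IP, PUBLIC_DEST = "203.0.113.10", "198.51.100.20"
CONN = {"auto": "add", "leftsubnet": "192.168.1.0/24", "rightsubnet": PUBLIC_DEST + "/32"}
RULES = f"""
iptables -P FORWARD DROP
iptables -A FORWARD -j LOG --log-level DEBUG --log-prefix "FORWARD:"
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {MY_PUBLIC_IP}
"""

def parse(rules):
    """Turn iptables command lines into dicts: table, op, chain, policy, opts."""
    out = []
    for line in rules.strip().splitlines():
        tok = shlex.split(line)[1:]  # drop the leading "iptables"
        table = "filter"
        if tok[0] == "-t":
            table, tok = tok[1], tok[2:]
        out.append({"table": table, "op": tok[0], "chain": tok[1],
                    "policy": tok[2] if tok[0] == "-P" else None,
                    "opts": dict(zip(tok[2::2], tok[3::2]))})
    return out

def findings(conn, rules):
    """Return reasons why leftsubnet-to-rightsubnet traffic would miss the tunnel."""
    parsed, out = parse(rules), []
    left = ipaddress.ip_network(conn["leftsubnet"])
    right = ipaddress.ip_network(conn["rightsubnet"])
    fwd = [r for r in parsed if r["table"] == "filter" and r["chain"] == "FORWARD"]
    if any(r["policy"] == "DROP" for r in fwd) and not any(r["opts"].get("-j") == "ACCEPT" for r in fwd):
        out.append("FORWARD policy is DROP and no rule accepts (LOG never accepts)")
    for r in parsed:
        if r["table"] != "nat" or r["chain"] != "POSTROUTING" or r["op"] != "-A":
            continue
        o = r["opts"]
        src = ipaddress.ip_network(o.get("-s", "0.0.0.0/0"))
        dst = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"))
        if not (left.subnet_of(src) and right.subnet_of(dst)):
            continue  # this rule does not cover the tunnel's selectors
        if o.get("-j") == "ACCEPT":
            break  # tunnel traffic leaves the nat table untranslated
        if o.get("-j") in ("SNAT", "MASQUERADE"):
            # Assumption: NETKEY, where nat POSTROUTING runs before policy lookup.
            out.append("SNAT rewrites the source, so packets stop matching leftsubnet")
            break
    if conn.get("auto") == "add":
        out.append("auto=add only loads the conn; it still has to be brought up")
    return out
```
</pre>
<p class=MsoNormal><font size=2 face=Arial><span lang=EN-US style='font-size:
10.0pt;font-family:Arial'>An ACCEPT for leftsubnet to rightsubnet placed ahead of the SNAT rule, an ACCEPT for that flow in FORWARD, and a conn that is actually brought up clear all three findings.</span></font></p>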
</div>
</body>
</html>