[Openswan Users] Configuring NAT-T

Vernon A. Fort vfort at provident-solutions.com
Wed Apr 13 13:55:00 CEST 2005

Paul Wouters wrote:

> On Wed, 13 Apr 2005, Vernon A. Fort wrote:
>> I'm trying to get two FC3 firewall/openswan boxes connected using 
>> NAT-T. My layout:
>> [RIGHT] -> Right Firewall <-> Left Firewall -> 
>> -> [NAT-T] [LEFT]
> I do not understand this diagram at all. Try writing it with boxes for
> each machine and/or add interface names to IP's involved.

The RIGHT network is comprised of subnets .1 through .10 but we need to 
connect to hosts via this VPN which also has a subnet of .1 . My thought 
was to create an aliased IP/network on the Left firewall and then NAT 
the Aliased VPN network to the .1 on the left.

RIGHT Client RIGHT Firewall RIGHT Firewall LEFT Firewall LEFT Aliased 
LEFT client's
internal address public address public address interface IP real 
internal network -> -> INTERNET 
-> ->

I really only need to connect to ONE of the servers at the left 
( I need to setup the aliased address so when I connect to 
the LEFT's address of, it is NAT'ed to the real left 
address of Ideally, I would need the NAT to work in both 
directions. Keep in mind, both RIGHT and LEFT are Fedora Core 3 and are 
the primary firewall's for both sides. As I understand, this means I'm 
attempting to preform NAT and IPSEC on the same IPSEC interface.

Thanks for the reply! I'm still stuck with the nat!

More information about the Users mailing list