[Openswan Users] Configuring NAT-T
Vernon A. Fort
vfort at provident-solutions.com
Wed Apr 13 13:55:00 CEST 2005
Paul Wouters wrote:
> On Wed, 13 Apr 2005, Vernon A. Fort wrote:
>
>> I'm trying to get two FC3 firewall/openswan boxes connected using
>> NAT-T. My layout:
>>
>> [RIGHT] 192.168.10.0/24 -> Right Firewall <-> Left Firewall ->
>> 192.168.20.0/24 -> [NAT-T] 192.168.1.0/24 [LEFT]
>
>
> I do not understand this diagram at all. Try writing it with boxes for
> each machine and/or add interface names to IP's involved.

The RIGHT network is comprised of subnets .1 through .10, but we need to
connect to hosts via this VPN which also has a subnet of .1. My thought
was to create an aliased IP/network on the Left firewall and then NAT
the aliased VPN network to the .1 on the left.

RIGHT Client                               192.168.10.35
  -> RIGHT Firewall internal address       192.168.10.254
  -> RIGHT Firewall public address         66.83.239.70
     INTERNET
     LEFT Firewall public address          24.106.111.114
  -> LEFT Aliased interface IP             192.168.20.254
  -> LEFT client's real internal network   192.168.1.0/24

I really only need to connect to ONE of the servers at the left
(192.168.1.1). I need to set up the aliased address so when I connect to
the LEFT's address of 192.168.20.1, it is NAT'ed to the real left
address of 192.168.1.1. Ideally, I would need the NAT to work in both
directions. Keep in mind, both RIGHT and LEFT are Fedora Core 3 and are
the primary firewalls for both sides. As I understand, this means I'm
attempting to perform NAT and IPSEC on the same IPSEC interface.

Thanks for the reply! I'm still stuck with the nat!
Vernon