NATed IPsec server, is it possible? I get the error: no connection
is known for ...
foren.titze at gmx.net
Tue Jun 28 12:59:09 CEST 2005
I am trying to move my IPsec server (with Openswan 2.3.1 and kernel 2.6.11) behind a
firewall that does SNAT and DNAT.
My working config is: the server has an external 195.xxx.xxx.xxx IP and wouldn't
Now I am trying to change the external IP to 10.0.0.x. eth0 has the 10.0.0.x
IP and the left= parameter is set to 10.0.0.58.
All services are restarted.
The firewall changes the 195.xxx.xxx.xxx IP to 10.0.0.58 and back with
DNAT and SNAT.
Now I get this error:
220.127.116.11 #2: cannot respond to IPsec SA request because no connection is
known for 195.xxx.xxx.22/32===10.0.0.58[C=DE, ST=NRW, L=Duesseldorf, O=xxx,
OU=Server-Cert, CN=klaus, E=xxx at www.de]:17/1701...18.104.22.168[C=DE,
ST=NRW, L=Duesseldorf, O=xxx, OU=Unix-Admin, CN=klais,
E=klais at www.de]:17/1701
Is there an alternative to NATing the server?
Clients are always NATed too.