[Openswan Users] openswan, cisco pix and nat problem
Markus Feilner
lists at feilner-it.net
Thu May 12 16:51:58 CEST 2005
On Thursday, 12 May 2005 14:40, Paul Wouters wrote:
> On Thu, 12 May 2005, Markus Feilner wrote:
> > I have a problem with connections to a cisco pix. The VPN Partner wants
> > me to nat/masquerade my traffic with my outside public IP.
>
> I do not understand the question. IPsec traffic cannot be rewritten by
> NATs. What is it exactly that you want or need to get done?
Thanks for answering.
I have two local subnets in which there are five hosts who are to connect
through the tunnel to four hosts on the other side (one large subnet).
Normally: Two tunnels, and that's it.
But the VPN Partner wants me to do NAT and Masquerade the IPs of the five
local Hosts for the VPN, so that he only needs to enter the public IP of my
net in his configuration.
So it's not the IPsec traffic that is masqueraded, but the traffic inside the
tunnel.
>
> > Has anybody solved Masquerading/Natting the VPN traffic, so that
> > connections from several local to several remote hosts are possible?
>
> that is still problematic in most cases. You are better off setting up a
> subnet-subnet tunnel.
I would prefer that by far! But this is tougher to manage for the other side
cisco-pix(!)
>
> Paul
--
With kind regards,
Markus Feilner
--
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
phone +49 941 9465243 fax +49 941 9465244 mobile +49 170 3027092
mail mfeilner at feilner-it.net web http://www.feilner-it.net