[Openswan Users] openswan, cisco pix and nat problem

Michael Schwartzkopff misch at multinet.de
Thu May 12 18:01:23 CEST 2005


I don't think such a configuration will work since there is nothing like:

iptables -t nat -L PREROUTING --to-source ... 

>
> LAN-192.168.1.x--NAT ROUTER--10.0.10.x----F/W---public
> internet----F/W----10.0.11.x
>
> for me this would make it easier to troubleshoot problems...
>
> linux machines are cheap..use that to your advantage...
>
> http://openvpn.net/archive/openvpn-devel/2004-10/msg00012.html
>
> On 5/12/05, Markus Feilner <lists at feilner-it.net> wrote:
> > On Thursday, 12 May 2005 14:40, Paul Wouters wrote:
> > > On Thu, 12 May 2005, Markus Feilner wrote:
> > > > I have a problem with connections to a cisco pix. The VPN Partner
> > > > wants me to nat/masquerade my traffic with my outside public IP.
> > >
> > > I do not understand the question. IPsec traffic cannot be rewritten by
> > > NATs. What is it exactly that you want or need to get done?
> >
> > Thanks for answering.
> >
> > I have two local subnets in which there are five hosts who are to connect
> > through the tunnel to four hosts on the other side (one large subnet).
> > Normally: Two tunnels, and that's it.
> > But the VPN Partner wants me to do NAT and Masquerade the IPs of the five
> > local Hosts for the VPN, so that he only needs to enter the public IP of
> > my net in his configuration.
> > So it's not the IPsec traffic that is masqueraded, but the traffic
> > inside the tunnel.
> >
> > > > Has anybody solved Masquerading/Natting the VPN traffic, so that
> > > > connections from several local to several remote hosts are possible?
> > >
> > > > that is still problematic in most cases. You are better off setting up a
> > > subnet-subnet tunnel.
> >
> > I would prefer that by far! But this is tougher to manage for the other
> > side cisco-pix(!)
> >
> > > Paul
> >
> > --
> > Best regards,
> > Markus Feilner
> > --
> > Feilner IT Linux & GIS
> > Linux Solutions, Training, Seminars and Workshops - also in-house
> > Beraiterweg 4 93047 Regensburg
> > fon +49 941 9465243 fax +49 941 9465244 mobil + +49 170 3027092
> > mail mfeilner at feilner-it.net web http://www.feilner-it.net
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42