RES: RES: [Openswan Users] NAT-T
Domingo Antonio
domingo at netcomp.com.br
Wed Apr 26 17:16:45 CEST 2006
i'm trying to nat on external interface... ( i do not have ipsec0 )
How can i NAT my packets on the internal interfaces ?
thanks a lot
and sorry for my lots of questions.. :)
-----Mensagem original-----
De: Paul Wouters [mailto:paul at xelerance.com]
Enviada em: quarta-feira, 26 de abril de 2006 16:06
Para: Domingo Antonio
Cc: users at openswan.org
Assunto: Re: RES: [Openswan Users] NAT-T
On Wed, 26 Apr 2006, Domingo Antonio wrote:
>
> Hi Paul! :)
>
> I can't reconfigure tunnel :(
> in my scenario Ill need nat-t patch, right?
then the NAT-T patch won't help you, since it is a feature enhancement for
IPsec. You will need to carefully NAT your packets on the internal
interfaces, before encryption takes place, while not doing NAT on the
external interface, which would interfer with the encryption.
Paul
> -----Mensagem original-----
> De: Paul Wouters [mailto:paul at xelerance.com] Enviada em: quarta-feira,
> 26 de abril de 2006 15:48
> Para: Domingo Antonio
> Cc: users at openswan.org
> Assunto: Re: [Openswan Users] NAT-T
>
> On Wed, 26 Apr 2006, Domingo Antonio wrote:
>
> > I have a host-to-host PSK vpn and behind host-left I have 2 client
> > computers that want to access resources on host-rigth ( i'll nat ).
> > Do I need NAT-T patch insteed?
>
> The best is to just setup a VPN host-host tunnel with leftsubnet= and
> rightsubnet= Then you do not need NAT-T
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=2831
> 55
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list