[Openswan Users] One side NAT other side not??

jham at gnumax.com jham at gnumax.com
Thu Aug 24 20:18:53 EDT 2006

> On Thu, 24 Aug 2006, jham at gnumax.com wrote:
>> I have a question on Openswan configuration for a tunnel through
>> OpenSwan
>> and CheckPoint. The checkpoint side is not NAT-ted. The OpenSwan is
>> NATed.
>> The solution suggested is as follows for the LinuxGW ipsec.conf
>> Left: (local private IP)
>> Left ID:      PublicNATIP (local public IP)
>> Left subnet:
>> Right:        CP PublicNONATIP (remote public IP)
>> Right subnet:
>> Is this correct??
>> I have been unsuccessful to this point applying any PRE-Routing rules to
>> disable NAT to the remote destination.
> iptables -I PREROUTING -i internalinterface -s -d
> iptables -A PREROUTING -i internalinterface -s -j SNAT
> --to-source PublicNATIP
> This will prevent NATing packets for IPsec.
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
Thank you for the quick response!
I will disregard the info from the SmoothWall forum and comment out the
left id parameter and try the iptables PREROUTING rules. I will let you
know how it goes. If that fails I will forward the usual conf and ipsec
barf files.


p.s. Great book by the way :)
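
The quoted reply relies on rule order: the exemption is inserted with `-I` so that it is evaluated before the SNAT rule appended with `-A`. The following check of that ordering against `iptables-save` output is an added example, not part of the original thread; the function names, the subnets, the addresses and the POSTROUTING chain in the sample rulesets are constructed assumptions.

```python
import ipaddress

NAT_TARGETS = {"SNAT", "MASQUERADE", "DNAT", "NETMAP"}

def parse_rule(line):
    """Parse one '-A CHAIN ...' line of iptables-save output (negated matches not handled)."""
    tok = line.split()
    rule = {"chain": tok[1], "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "target": None}
    for flag, key in (("-s", "src"), ("-d", "dst"), ("-j", "target")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def natted_chains(save_output, local_net, remote_net):
    """Return nat-table chains where tunnel traffic reaches a NAT target before an exemption."""
    local, remote = ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)
    decided, bad, in_nat = set(), [], False
    for line in map(str.strip, save_output.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        if not in_nat or not line.startswith("-A "):
            continue
        r = parse_rule(line)
        src = ipaddress.ip_network(r["src"], strict=False)
        dst = ipaddress.ip_network(r["dst"], strict=False)
        if r["chain"] in decided or not (src.overlaps(local) and dst.overlaps(remote)):
            continue
        if r["target"] in ("ACCEPT", "RETURN") and local.subnet_of(src) and remote.subnet_of(dst):
            decided.add(r["chain"])      # first matching rule exempts all tunnel traffic
        elif r["target"] in NAT_TARGETS:
            decided.add(r["chain"])      # tunnel traffic is rewritten before any exemption
            bad.append(r["chain"])
    return bad

# Constructed samples (documentation/private address ranges, hypothetical interface name).
SAMPLE_EXEMPT_FIRST = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -d 10.20.0.0/16 -o eth0 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
"""
SAMPLE_SNAT_FIRST = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.1.0/24 -d 10.20.0.0/16 -o eth0 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, sample in (("exempt first", SAMPLE_EXEMPT_FIRST), ("SNAT first", SAMPLE_SNAT_FIRST)):
        print(name, natted_chains(sample, "192.168.1.0/24", "10.20.0.0/16"))
```

An empty list means no chain rewrites the tunnel traffic before the exemption is reached.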
