[Openswan Users] IPSec nat-t problem !
Michael Schwartzkopff
misch at multinet.de
Wed Feb 15 20:36:05 CET 2006
Am Mittwoch, 15. Februar 2006 14:36 schrieb Pjothi:
> resending the message: last msg was not clear
>
> Hello all,
>
> I have the following LAN scenario
(...)
Hi,
sorry to say that: But you should NOT start using ipsec at all if you did not
understand NAT completely. Your setup and the way you describe it have
serious problems. Please learn first to do NAT correcly and only afterwards
do ipsec. Do know of PREROUTING, POSTROUTING and MASQ?
By the way: Did you understand between which computers you want to establish
the VPN connection? Gateway and external computer or both workstations with
the gateway doing NAT? Please sit down and think about your setup. Every
heard of proxy ARP usage in NAT setup?
Seriously: Be sure you understood NAT, can work with it, and have a running
test setup and only then start trying to understand ipsec.
Greetings,
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060215/b6848b09/attachment.bin
More information about the Users
mailing list