[Openswan Users] IPSec nat-t problem !

Michael Schwartzkopff misch at multinet.de
Wed Feb 15 20:36:05 CET 2006


Am Mittwoch, 15. Februar 2006 14:36 schrieb Pjothi:
> resending the message: last msg was not clear
>
> Hello all,
>
> I have the following LAN scenario
(...)

Hi,

sorry to say that: But you should NOT start using ipsec at all if you did not 
understand NAT completely. Your setup and the way you describe it have 
serious problems. Please learn first to do NAT correcly and only afterwards 
do ipsec. Do know of PREROUTING, POSTROUTING and MASQ?

By the way: Did you understand between which computers you want to establish 
the VPN connection? Gateway and external computer or both workstations with 
the gateway doing NAT? Please sit down and think about your setup. Every 
heard of proxy ARP usage in NAT setup?

Seriously: Be sure you understood NAT, can work with it, and have a running 
test setup and only then start trying to understand ipsec.

Greetings,
-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20060215/b6848b09/attachment.bin


More information about the Users mailing list