[Openswan Users] openSWAN to Cisco IOS

Paul Wouters paul at xelerance.com
Fri Nov 24 17:24:29 EST 2006


On Fri, 24 Nov 2006, Christian Brechbühler wrote:

> Well our subnet is 10.0.0.0/24, so that doesn't match anyway.  The Cisco
> side instructed us to source-network-address-translate all packets destined
> to them, which we do with this rule:
>
> -A POSTROUTING -d 10.14.8.0/255.255.255.0 -o eth1 -j SNAT --to-source 192.168.232.10

Be careful to NAT before IPsec encapsulation. With KLIPS that is easy, you
just specify NAT on the ipsec interfaces. With NETKEY it requires 2.6.17+
or so, I am not entirely sure what is currently the proper way of doing
it.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

