IPSec VPN & NATD (problem with alias_address vs redirect_address)
Vincent Goupil
vgoupil at alis.com
Thu Nov 13 09:46:29 PST 2003
I set up a firewall with ipfw2 and natd on FreeBSD 4.9 release.
I have mapped my subnet with alias_address.
I have mapped 4 private IP addresses to 4 public IP addresses.
Everything is working fine (web, email, ftp, etc.) for outgoing and
incoming connections for anyone on my network.
With this configuration, 5 people at a time (on my network) could dial in to
the same VPN server:
4 with different IPs and the one with the alias_address. I suppose that
only one person at a time can use the alias_address with the IPSec VPN (I
think, tell me if I'm wrong).
I have authorized AH and ESP to pass through my firewall,
and also incoming UDP 500.
I'm able to use the VPN for the people mapped with alias_address.
I can't use the VPN with the people using the redirect_address.
Is there any problem with the redirect_address directive with natd for the
protocol 51 and 51?
Is there any other way to have these 5 people communicate with the same
VPN server at the same time?
I thought that I could use the redirect_address to do that, so the incoming
connection to the VPN server appears to come from a different source IP address.
Vincent Goupil
Administrateur réseau / Network administrator