IPSEC/NAT

Luke Kearney lukek at meibin.net
Sat Oct 18 19:59:49 PDT 2003


The short answer to your question is yes. I don't use NATD; I use IPNAT,
but I am sure the theories are the same. I found that the challenge was
to get the port forwarding right. It also makes using dynamic addresses
internally a challenge, but I cheated and used statics instead.

Then again, after reading your mail again, I am not sure that I completely
understand what type of tunnel you are wanting to use. If it is a Cisco
VPN client you are using, then nothing really special needs to be done
except to ensure that the return traffic gets redirected properly. If it
is the M$ PPTP implementation, that is a bit more tricky, as you need to
ensure that you get inbound traffic on 1723 redirected to your internal
machine. If your company uses a neat IPSec implementation, then it should
be possible, with the co-operation of your company's firewall admin, to
set up the gateway to have an IPSec tunnel to the office and all packets
destined for the company's network, i.e. 10.0.10.0, routed along the gif
interface (read man gif) and all other traffic via the normal net.

HTH

LukeK


On Sun, 19 Oct 2003 00:10:11 +0000
cscott at speakeasy.net granted us these pearls of wisdom:

> Is it possible for FBSD's nat daemon to route IPSEC traffic properly? What I am trying to do is use my FBSD gateway that already NATs my DSL connection to allow me to use an IPSEC VPN client to connect to my company's network. I have been through the howtos and forums, but I am not certain that it can do what I need it to do.
> 
> 
> Thanks,
> Casey