[olug] Sonicwall behind linux NAT box?
Brian Roberson
roberson at olug.org
Thu Feb 27 05:39:53 UTC 2003
Lengthy answer, but it answers your question:
IPsec is a peer-to-peer (or gateway-to-gateway) protocol; if you
change src or dst addresses you must also change the data in
the IPsec Encapsulating Security Payload (ESP) (like src and dst,
as you are when using NAT), as they are a part of the protocol design.
Cisco IOS 12.2(13) train has this extended NAT capability; I am not aware
of any Linux netfilter module that handles the fixup of the IPsec protocol.
As a side note, if PPTP is available on the Sonicwall, it will work fine
through NAT, but keep in mind PPTP uses both TCP port 1423 as well as GRE
(IP protocol 47).
On Wed, Feb 26, 2003 at 09:56:06PM -0600, Adam Haeder wrote:
> Hello
> Wondering if this is possible and if anyone has done it. I have a client
> that is behind their ISP's linux NAT box, and gets a 10. private IP
> address. The ISP port-forwards a few ports to one of their servers, so
> they have their own website, mail server, etc. Now they want to put up a
> Sonicwall vpn server, and have an external user connect to it.
>
> Has anyone set something up like this before? I've read the
> VPN-Masquerading HOWTO, and while they talk a lot about port forwarding
> PPTP connections, it's pretty light on IPsec-based VPNs (of which the
> Sonicwall is one).
>
> Any recommendations on the best way to handle this? TIA
>
> --
> Adam Haeder
> Technical Coordinator, AIM Institute
> adamh at omaha.org
> (402) 345-5025 x115
> PGP Public key: http://www.omaha.org/~adamh/pgp.html
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
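The port-forwarding side of the reply above, written out as netfilter rules. This is an added example, not something from the original posts or from Sonicwall: it assumes a hypothetical outside interface `eth0` and a hypothetical private address `10.0.0.5` for the VPN box, and `EXT_IF`/`VPN_HOST`/`APPLY` are names invented here. PPTP's control connection is registered on TCP port 1723, which is what the rules use; GRE (IP protocol 47) has no ports, so the whole protocol can only be handed to one inside host. The second function does the same single-host forward for IKE (UDP 500) and ESP (IP protocol 50); it only moves the packets, it does nothing about the address fixup the reply says netfilter lacks, so whether that tunnel comes up is still up to the two peers.

```shell
#!/bin/sh
# Added example (not from the original thread): DNAT rules on a Linux
# netfilter box so an outside client can reach a VPN server that sits
# behind the NAT on a private address.
#
# Hypothetical values, adjust to your network:
#   EXT_IF    outside interface of the NAT box
#   VPN_HOST  private address of the Sonicwall / VPN server
EXT_IF="${EXT_IF:-eth0}"
VPN_HOST="${VPN_HOST:-10.0.0.5}"

# Rules for PPTP through NAT: the TCP 1723 control channel (IANA
# assignment) plus GRE, IP protocol 47, which carries the tunnel data.
# The function prints the rules instead of running them, so they can be
# reviewed before being applied as root.
pptp_nat_rules() {
    ext_if="$1"; vpn_host="$2"
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport 1723 -j DNAT --to-destination $vpn_host
iptables -t nat -A PREROUTING -i $ext_if -p 47 -j DNAT --to-destination $vpn_host
iptables -A FORWARD -i $ext_if -p tcp -d $vpn_host --dport 1723 -j ACCEPT
iptables -A FORWARD -i $ext_if -p 47 -d $vpn_host -j ACCEPT
EOF
}

# Same shape for a single IPsec peer, bare NAT as discussed in the
# reply (no NAT-T, no netfilter fixup): IKE on UDP 500 and ESP, IP
# protocol 50, are handed to one inside host. Nothing inside ESP is
# rewritten by the NAT box; this only delivers the packets.
ipsec_nat_rules() {
    ext_if="$1"; vpn_host="$2"
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p udp --dport 500 -j DNAT --to-destination $vpn_host
iptables -t nat -A PREROUTING -i $ext_if -p 50 -j DNAT --to-destination $vpn_host
iptables -A FORWARD -i $ext_if -p udp -d $vpn_host --dport 500 -j ACCEPT
iptables -A FORWARD -i $ext_if -p 50 -d $vpn_host -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 pipes the PPTP rules into a root shell.
if [ "${APPLY:-0}" = "1" ]; then
    pptp_nat_rules "$EXT_IF" "$VPN_HOST" | sh
else
    pptp_nat_rules "$EXT_IF" "$VPN_HOST"
fi
```

Run it once without `APPLY` to read the rules, then `APPLY=1 ./pptp-nat.sh` as root to install them; the box also needs `net.ipv4.ip_forward=1` and a MASQUERADE/SNAT rule for the inside network, which the ISP's NAT box in the question already has.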