[olug] Sonicwall behind linux NAT box?
Brian Roberson
roberson at users.olug.org
Thu Feb 27 05:51:15 UTC 2003
Typo - pptp uses 1723.
also a clarification --
ipsec itself only uses udp/500 ... gre is a common tunnel for ipsec to
run over that is why you may often see the terms together
so - to summarize -
It will work if you are using ipsec inside a GRE tunnel - this will work fine as the
endpoints are bound by the tunnel addressing scheme and isakmp does not get
translated ( only the GRE endpoints )
On Wed, Feb 26, 2003 at 11:39:53PM -0600, Brian Roberson wrote:
> Lengthy answer, but answers your question-
>
>
> ipsec is a peer to peer ( or gateway to gateway ) protocol, if you
> change src or dst addresses you must also change the data in
> the ipsec Encapsulated Security Payload (esp) ( like src and dst
> as you are in using NAT ) as they are a part of the protocol design.
> CISCO IOS 12.2(13) Train has this extended NAT capability, I am not aware
> of any linux netfilter module that handles the fixup of the ipsec protocol.
> As a side note - if pptp is available on the sonicwall, it will work fine
> through nat, but keep in mind pptp uses both tcp ports 1423 as well as GRE
> ( Ip protocol 47 ).
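Worked illustration of the two cases the thread compares (added here; it is not code from the thread or from SonicWall). Of the IPsec protocols, AH (IP protocol 51) is the one whose integrity check literally covers the IP source and destination addresses, so it is the cleanest way to show why a NAT rewrite of the outer header breaks the check, and why wrapping the same packet in GRE (IP protocol 47) survives: the NAT box only touches the GRE outer header, and the inner tunnel addresses it authenticates are never changed. Packets are modelled as dicts, the HMAC key and all addresses are constructed for the example, and the ICV is a simplified stand-in for the real AH computation (which zeroes mutable fields and uses the SA's algorithm).

```python
"""Why AH-protected IPsec fails behind NAT and why IPsec-over-GRE does not.

Added example; not code from the OLUG thread. Packets are plain dicts and the
integrity check is a simplified model of AH (IP protocol 51), whose ICV covers
the IP source/destination addresses.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

IPPROTO_GRE = 47  # GRE, as noted in the thread for pptp and ipsec-over-gre
IPPROTO_AH = 51   # IPsec Authentication Header

# Constructed demo key for the example; a real SA key comes from IKE.
DEMO_SA_KEY = b"constructed-demo-key-not-a-real-sa-key"


def immutable_fields(src: str, dst: str, proto: int) -> bytes:
    """Header fields AH treats as immutable end-to-end: src, dst, protocol.
    A NAT box rewrites src/dst, which is exactly the conflict."""
    return struct.pack("!4s4sB", IPv4Address(src).packed,
                       IPv4Address(dst).packed, proto)


def ah_icv(src: str, dst: str, payload: bytes, key: bytes = DEMO_SA_KEY) -> bytes:
    """Simplified AH ICV: HMAC over the immutable header fields plus payload,
    truncated to 96 bits as AH does."""
    data = immutable_fields(src, dst, IPPROTO_AH) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:12]


def build_ah_packet(src: str, dst: str, payload: bytes) -> dict:
    """Sender side: an IP packet carrying AH with the ICV bound to src/dst."""
    return {"src": src, "dst": dst, "proto": IPPROTO_AH,
            "icv": ah_icv(src, dst, payload), "payload": payload}


def gre_encapsulate(inner: dict, outer_src: str, outer_dst: str) -> dict:
    """Carry a whole IP packet (headers included) inside GRE (IP proto 47)."""
    return {"src": outer_src, "dst": outer_dst, "proto": IPPROTO_GRE,
            "payload": inner}


def source_nat(pkt: dict, public_src: str) -> dict:
    """What a Linux NAT box does: rewrite the outermost header's source only.
    It does not (and cannot) fix up anything inside an authenticated payload."""
    translated = dict(pkt)          # shallow copy; inner packet is left untouched
    translated["src"] = public_src
    return translated


def receive(pkt: dict) -> bool:
    """Receiver side: decapsulate GRE if present, then verify the AH ICV.
    Returns True if the packet would be accepted by the IPsec peer."""
    if pkt["proto"] == IPPROTO_GRE:
        pkt = pkt["payload"]        # inner packet, unchanged by the outer rewrite
    if pkt["proto"] != IPPROTO_AH:
        return False
    expected = ah_icv(pkt["src"], pkt["dst"], pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])


def ah_direct_through_nat() -> bool:
    """Case 1: AH packet from a private host, NATed to a public address."""
    pkt = build_ah_packet("192.168.1.10", "203.0.113.5", b"constructed payload")
    return receive(source_nat(pkt, "198.51.100.7"))      # ICV no longer matches


def ah_inside_gre_through_nat() -> bool:
    """Case 2: the same AH packet addressed with tunnel addresses, carried in
    GRE; NAT rewrites only the GRE outer header."""
    inner = build_ah_packet("10.0.0.1", "10.0.0.2", b"constructed tunnel traffic")
    outer = gre_encapsulate(inner, "192.168.1.10", "203.0.113.5")
    return receive(source_nat(outer, "198.51.100.7"))    # inner ICV still matches


if __name__ == "__main__":
    print("AH straight through NAT verifies: ", ah_direct_through_nat())
    print("AH inside GRE through NAT verifies:", ah_inside_gre_through_nat())
```

The same GRE outer rewrite is what the NAT box has to track for pptp (tcp/1723 plus IP protocol 47), so a Linux gateway needs GRE connection tracking in either case, not just a TCP/UDP port rule. For IPsec without a GRE wrapper, the standard answer today is NAT traversal (IKE detects the NAT and switches ESP to UDP encapsulation on udp/4500), which works precisely because it gives the NAT box a UDP header to rewrite while leaving the authenticated ESP content alone.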