Re: FreeBSD ipsec and NAT

From: Nigel Houghton (nigel_at_sourcefire.com)
Date: 03/03/04

Date: Wed, 3 Mar 2004 14:01:45 -0500
To: Simon Taylor <Simon.Taylor@corizon.com>

    This appears to be off-topic for this list, but here are some resources you might wish to look at...

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

    http://www.freebsddiary.org/ipsec-tunnel.php

    http://www.daemonnews.org/200101/ipsec-howto.html

    I'm sure there will be more available via Google.

    On 0, Simon Taylor <Simon.Taylor@corizon.com> allegedly wrote:
    > Hi All,
    > I currently have set up a site-to-site VPN using racoon on my FreeBSD
    > firewall. All is well there and I can connect through the VPN when I am
    > on the firewall and get the connection fine.
    > Now I want to be able to connect from other machines through the
    > firewall - this is where I come unstuck, the ipsec policy allows for my
    > external address range to connect through the vpn, but then I would like
    > my internal addresses to first get translated and then routed through
    > the tunnel. But instead when I connect with my internal addresses they
    > get translated, but then try and use the conventional gateway on the
    > machine instead of picking up the ipsec policy.
    > If that makes sense... I am using FreeBSD, ipf, ipnat and racoon.
    > Any help appreciated
    > Simon
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >
    -------------------------------------------------------------
    Nigel Houghton, Research Engineer, Sourcefire Inc.
    Vulnerability Research Team

    In an emergency situation involving two or more officers of equal rank,
    seniority will be granted to whichever officer can program a vcr.

