freebsd vpn server behind nat dsl router



Hello Greg,
I am writing to you because I saw your responses to a couple of messages on the freebsd-security mailing list related to FreeBSD VPN and NAT.

My situation is rather unique, and I need an expert's eyes to glance at it and confirm whether it is doable or not. I have a simple diagram that illustrates what I am trying to do, and it is located here (about 40k): http://www.hamline.edu/~rjohanne/lan.jpg

In the diag, the DSL modems have dynamic public IPs on the Internet side, and private IPs on the LAN side.

As you can see in the diag, I am trying to have the VPN traffic from the Internet forwarded to the FreeBSD VPN (the machines ending in .254 on each site). I have followed the FreeBSD "VPN over IPsec" in the handbook, and created a tunnel between the two VPN servers; according to the handbook, I should be able to ping the VPN servers using their private network addresses, but I am not able to do that. I realize that my implementation is not exactly like the handbook's, but what do I need to do to get it to work? I have googled, and researched all over the net without much progress.

I have seen a lot of messages related to NAT and enabling VPN passthrough on different DSL modems and so forth, which I have tried to do, but still, no progress.

Any clues and pointers would be appreciated.

thanks
robert