Yes, there are settings in /etc/network.conf for what you need to do.

To masquerade an IPSec connection through Dachstein (floppy):

- Load the ip_masq_ipsec module (edit /etc/modules)

- Open UDP port 500:
    EXTERN_UDP_PORTS="0/0_500"

- Open *Protocol* 50:
    EXTERN_PROTO0="50 0/0"

AFAIK, you only need to port-forward UDP port 500 to your internal system if
the remote end will be initiating the VPN link...if you initiate the VPN
link from your end, the masquerade rules will automatically know where to
send the packets.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
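A check for the three settings listed above, as an added example that is not part of the thread or of the LEAF project: a POSIX sh script that inspects a network.conf and a modules file (both paths are parameters; the sample files it writes are constructed) and reports which of the pieces is missing.

```shell
#!/bin/sh
# Added example, not from the thread: check that a Dachstein-style
# /etc/network.conf and /etc/modules carry the three IPsec-passthrough pieces.
# All file contents written here are constructed samples, not a real config.

# Print the value of VAR="..." from a shell-style config file (last match wins).
conf_value() {  # $1=file $2=variable name
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# 0 if EXTERN_UDP_PORTS opens UDP 500; entries look like "0/0_500" (net/mask_port).
udp500_open() {
    for entry in $(conf_value "$1" EXTERN_UDP_PORTS); do
        case "$entry" in *_500) return 0 ;; esac
    done
    return 1
}

# 0 if an EXTERN_PROTOn line opens protocol 50 (ESP), e.g. EXTERN_PROTO0="50 0/0".
proto50_open() {
    grep -E '^[[:space:]]*EXTERN_PROTO[0-9]+="?50[[:space:]]' "$1" >/dev/null 2>&1
}

# 0 if ip_masq_ipsec is listed (uncommented) in the modules file.
module_listed() {
    grep -E '^[[:space:]]*ip_masq_ipsec([[:space:]]|$)' "$1" >/dev/null 2>&1
}

# Report whatever is missing; return 0 only when all three are present.
ipsec_passthrough_ready() {  # $1=network.conf $2=modules
    ok=0
    module_listed "$2" || { echo "missing: ip_masq_ipsec in $2"; ok=1; }
    udp500_open "$1"   || { echo "missing: UDP 500 in EXTERN_UDP_PORTS"; ok=1; }
    proto50_open "$1"  || { echo "missing: protocol 50 in EXTERN_PROTOn"; ok=1; }
    return $ok
}

# Constructed samples: one set up as in the reply, one with the mix-up from the
# question (port 50 opened instead of protocol 50, and the module commented out).
make_samples() {  # $1=directory to write into
    printf 'ip_masq_ipsec\n' > "$1/modules.good"
    printf '# ip_masq_ipsec\n' > "$1/modules.bad"
    printf 'EXTERN_UDP_PORTS="0/0_500"\nEXTERN_PROTO0="50 0/0"\n' > "$1/network.good"
    printf 'EXTERN_UDP_PORTS="0/0_53"\nEXTERN_TCP_PORTS="0/0_50"\n' > "$1/network.bad"
}

dir=$(mktemp -d)
make_samples "$dir"
ipsec_passthrough_ready "$dir/network.good" "$dir/modules.good" && echo "good: ready"
ipsec_passthrough_ready "$dir/network.bad" "$dir/modules.bad" || echo "bad: not ready"
```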


----- Original Message -----
From: "Michael Leone" <[EMAIL PROTECTED]>
To: "LEAF-User" <[EMAIL PROTECTED]>
Sent: Monday, January 21, 2002 6:55 PM
Subject: [Leaf-user] Dachstein (floppy) passing IPSec ...


I'm using Dachstein (floppy). I'd like to use the Cisco Secure client,
on a Win98 station on my LAN, to connect to my Pix at work. I do NOT
want the Dachstein to be one end of the IPSec tunnel; only to pass the
IPSec traffic to my (NATed) workstation. (eventually, when I get the
3DES license for my Pix, I'll want the Dachstein to be an end-point. Not
yet, tho)
1. I'd need to load ip_masq_ipsec on Dachstein, yes?
2. I'd need to open port 50, and port-forward protocol 500? Are there
entries already in Dachstein (/etc/ipfilter.conf?) to do this already,
and just need to be uncommented?


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user