Yes, there are settings in /etc/network.conf for what you need to do. To masquerade an IPSec connection through Dachstein (floppy):
- Load the ip_masq_ipsec module (edit /etc/modules)
- Open UDP port 500: EXTERN_UDP_PORTS="0/0_500"
- Open *Protocol* 50: EXTERN_PROTO0="50 0/0"

AFAIK, you only need to port-forward UDP port 500 to your internal system if the remote end will be initiating the VPN link...if you initiate the VPN link from your end, the masquerade rules will automatically know where to send the packets.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

----- Original Message -----
From: "Michael Leone" <[EMAIL PROTECTED]>
To: "LEAF-User" <[EMAIL PROTECTED]>
Sent: Monday, January 21, 2002 6:55 PM
Subject: [Leaf-user] Dachstein (floppy) passing IPSec ...

I'm using Dachstein (floppy). I'd like to use the Cisco Secure client, on a Win98 station on my LAN, to connect to my Pix at work. I do NOT want the Dachstein to be one end of the IPSec tunnel; only to pass the IPSec traffic to my (NATed) workstation. (eventually, when I get the 3DES license for my Pix, I'll want the Dachstein to be an end-point. Not yet, tho)

1. I'd need to load ip_masq_ipsec on Dachstein, yes?
2. I'd need to open port 50, and port-forward protocol 500?

Are there entries already in Dachstein (/etc/ipfilter.conf?) to do this already, and just need to be uncommented?

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
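
A small checker for the three settings listed in the reply, added here as an example; it is not part of the original thread or of Dachstein. It assumes the value formats shown in the reply (`source_port` entries in EXTERN_UDP_PORTS, `protocol source` in EXTERN_PROTO0) and, as a further assumption, that numbered EXTERN_PROTO<n> variables may exist; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: verify the IPSec pass-through settings from the reply.

# Print the value of each uncommented assignment whose name matches BRE $2.
conf_values() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1"
}

# check_ipsec_passthrough NETWORK_CONF MODULES_FILE
# Prints one line per missing setting; exit status is the number missing.
check_ipsec_passthrough() {
    conf=$1; modules=$2; missing=0; udp500=no; proto50=no

    # 1. ip_masq_ipsec must appear uncommented in the modules file.
    if ! grep -q '^[[:space:]]*ip_masq_ipsec' "$modules"; then
        echo "MISSING: ip_masq_ipsec in $modules"; missing=$((missing + 1))
    fi

    # 2. EXTERN_UDP_PORTS entries are source_port, as in 0/0_500.
    for entry in $(conf_values "$conf" 'EXTERN_UDP_PORTS'); do
        if [ "${entry##*_}" = 500 ]; then udp500=yes; fi
    done
    if [ "$udp500" = no ]; then
        echo "MISSING: UDP port 500 in EXTERN_UDP_PORTS"; missing=$((missing + 1))
    fi

    # 3. EXTERN_PROTO<n> values are "protocol source", as in "50 0/0".
    for proto in $(conf_values "$conf" 'EXTERN_PROTO[0-9]*' | sed 's/[[:space:]].*//'); do
        if [ "$proto" = 50 ]; then proto50=yes; fi
    done
    if [ "$proto50" = no ]; then
        echo "MISSING: IP protocol 50 in EXTERN_PROTO<n>"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample input: the reply's settings, then 50 and 500 swapped.
demo=$(mktemp -d)
printf 'ip_masq_ipsec\n' > "$demo/modules"
printf 'EXTERN_UDP_PORTS="0/0_500"\nEXTERN_PROTO0="50 0/0"\n' > "$demo/good.conf"
printf 'EXTERN_UDP_PORTS="0/0_50"\nEXTERN_PROTO0="500 0/0"\n' > "$demo/swapped.conf"
check_ipsec_passthrough "$demo/good.conf" "$demo/modules" && echo "good.conf: OK"
check_ipsec_passthrough "$demo/swapped.conf" "$demo/modules" || echo "swapped.conf: $? missing"
```

The checker reads the files with sed and grep rather than sourcing them, so nothing in the config is executed.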