Sandra Hernandez Marsa wrote:

> B) We have been sniffing the packets sent from GW1 to GW2 through the
> ipsec0 interface and we've seen that the destination IP is a private IP
> from Site B! How can this be? If that's going on to the Internet it won't
> get routed... or could it be that tcpdump is interpreting IPSec?
> 

When you are sniffing on the ipsec0 interface, you are getting at the
packets after they've been decrypted. Put snort or tcpdump on eth0 (or
whatever the real interface is) and you should see encrypted ESP
(ip-proto-50) packets.


Alexander Beyn
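
An added example, not part of the original message: a small Python sketch of what a sniffer can read from the outer IPv4 header on each side of the tunnel. The packets are constructed samples; the private addresses, the documentation-range gateway addresses, the SPI and the helper names `build_ipv4` and `describe` are all assumptions made for illustration.

```python
import socket
import struct

ESP = 50  # IP protocol number for IPsec ESP (the "ip-proto-50" above)

def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def describe(packet):
    """Return what a sniffer can learn from the outer IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto,
            "encrypted": proto == ESP}
    if proto == ESP:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        # The ESP header (SPI, sequence number) is sent in the clear;
        # everything after it is ciphertext.
        info["spi"], info["seq"] = struct.unpack("!II", packet[ihl:ihl + 8])
    return info

# Constructed sample as seen on ipsec0: cleartext TCP between private hosts.
ON_IPSEC0 = build_ipv4("192.168.1.10", "192.168.2.20", 6, b"\x00" * 20)
# Constructed sample as seen on eth0: ESP between the gateways' public IPs.
ON_ETH0 = build_ipv4("203.0.113.1", "198.51.100.1", ESP,
                     struct.pack("!II", 0x1000, 1) + b"\xaa" * 40)

if __name__ == "__main__":
    for name, pkt in (("ipsec0", ON_IPSEC0), ("eth0", ON_ETH0)):
        print(name, describe(pkt))
```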