Hi--

On Feb 17, 2010, at 3:06 PM, Bill Tillman wrote:
> The tech told me that I need to forward ports 500 and 4500 with my FreeBSD
> router to the small VPN router inside my LAN. That's simple enough but then
> he tells me I need to redirect all EPS and all AH traffic as well. I guess
> this is where FreeBSD+NATD+IPFW hits the wall when working with Cisco or is
> it? I gotta believe this can work but I don't know how the heck to do it and
> the tech at our IT consultant is totally lost when it comes to anything
> besides Cisco equipment.

> Has anyone got a suggestion on how to do a port redirect with natd to pickup
> these EPS and AH packets. I added some new lines to my /etc/natd.conf file
> and the AH part seemed ok but the console screen immediately said what the
> heck is EPS. And worse it did not work. Only when I put the VPN router
> outside of my existing router does this setup work. I really want to keep
> this thing inside my LAN or even better would be how do I get my existing
> router to work as a VPN on its own?

When I was dealing with the Cisco VPN client, I was doing so with IPFW+natd and you need 500/udp, 4500/udp, 62515/udp, 1723/tcp, 10000/tcp, and the GRE protocol. In my case, /etc/natd.conf contained:

punch_fw 10000:100
redirect_proto gre 10.1.1.247
redirect_port udp 10.1.1.247:500 500
redirect_port udp 10.1.1.247:4500 4500
redirect_port udp 10.1.1.247:62515 62515
redirect_port tcp 10.1.1.247:10000 10000
redirect_port tcp 10.1.1.247:pptp pptp

...to send the traffic to a VPN endpoint located at IP 10.1.1.247.

Regards,
--
-Chuck

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
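
Added example, not part of either message and not code from natd: an sh audit that lists the inbound redirects a natd.conf like the one above opens toward the LAN and counts those with no remote-address restriction. The function names are this example's own, and the sample input is constructed: it repeats the rules from the reply and adds one hypothetical source-restricted redirect_proto rule that uses documentation addresses.

```shell
#!/bin/sh
# natd_exposure FILE: one line per inbound redirect in a natd.conf.
# Columns: kind, protocol, public port (or "all"), internal target, allowed source.
natd_exposure() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    $1 == "redirect_port" && NF >= 4 {
        # redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
        n = split($4, a, ":")                # keep only the public port part
        src = (NF >= 5) ? $5 : "any"
        printf "port %s %s %s %s\n", $2, a[n], $3, src
    }
    $1 == "redirect_proto" && NF >= 3 {
        # redirect_proto proto localIP [publicIP [remoteIP]]
        src = (NF >= 5) ? $5 : "any"
        printf "proto %s all %s %s\n", $2, $3, src
    }
    ' "$1"
}

# natd_open_count FILE: number of redirects that accept traffic from any source.
natd_open_count() {
    natd_exposure "$1" | awk '$5 == "any" { c++ } END { print c + 0 }'
}

# Constructed sample input. The last rule is hypothetical; 198.51.100.1 and
# 203.0.113.10 are documentation addresses standing in for the public IP
# and the remote VPN peer.
natd_sample() {
    cat <<'EOF'
punch_fw 10000:100
redirect_proto gre 10.1.1.247
redirect_port udp 10.1.1.247:500 500
redirect_port udp 10.1.1.247:4500 4500
redirect_port udp 10.1.1.247:62515 62515
redirect_port tcp 10.1.1.247:10000 10000
redirect_port tcp 10.1.1.247:pptp pptp
redirect_proto esp 10.1.1.247 198.51.100.1 203.0.113.10   # hypothetical
EOF
}

tmp=$(mktemp)
natd_sample > "$tmp"
natd_exposure "$tmp"
echo "redirects open to any source: $(natd_open_count "$tmp")"
rm -f "$tmp"
```

Rules reported with source "any" are reachable from the whole Internet unless an ipfw rule in front of the divert narrows them.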