> I have a Dachstein box that does NAT and port forwarding for my network. I
> would now like to implement a VPN. I replaced the kernel with an IPSEC
> enabled one, and loaded the needed modules. I have the box able to boot
> and still NATing and port forwarding but get error messages. I do not have
> the exact messages, but would like to know if what I would like to do is
> possible. If it is I will post the exact messages.
> What I would like is for one LEAF box to:
>
> NAT
> Port Forward
> Endpoint of a VPN tunnel
>
> Please advise if this is possible.

Yes, you can do what you want. The only restraint on VPNs and port-forwarding is the firewall cannot masquerade an internal VPN client (i.e. running a VPN client on an internal system...sometimes called VPN port-forwarding) at the same time the firewall is serving as a VPN gateway (i.e. running VPN software on the firewall itself).

There are many folks running the standard NAT/masquerading firewall rules, and port forwarding services (like web, dns, e-mail, &c), and using the firewall as an IPSec VPN gateway.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user