Hi,
so I introduced fw in front of XP workstation. Topology as follows:
XP <--> BSD_FW1 <--> BSD_FW2 <--> BSD_Server
- XP (ipsec client) connects through BSD_FW2 (ipsec GW) to BSD_Server just fine.
- XP and BSD_FW2 are set up according to my document mentioned earlier
- XP's IP address is NATed on BSD_FW1 to the external interface IP address
BSD_FW1 policies:
set skip on { lo0, enc0, $int_if }
nat on $ext_if inet from 10.0.0.0/24 to any -> $ext_if
block drop all
pass out on $ext_if all keep state
BSD_FW2 policies:
set skip on { lo0, enc0, $int_if }
block drop all
pass in on $ext_if proto esp from any to $ext_if keep state
pass in on $ext_if proto udp from any to $ext_if port = isakmp keep state
Please note that all BSDs are 3.8-current and XP is without SP2, so
your situation could be different.
Summary: to my surprise everything worked as expected :o)
Best regards
Petr Ruzicka