Hi, Roy:

Roy Morris wrote:

Yes it does work! I guess I better hold on to these two boxes I have. Seems
they are the only ones that do! lol
I have
A. clients on each end behind a vpn/pf box
B. enc0 binat from internal client to public IP of other side client
C. /etc/hostname.if alias for the binat IP
D. isakmpd.conf uses public IP (A) for phase 1, and (B internal client nat) for phase 2

I've had a closer look at this...

In my case, the other peer expects a private IP on my internal network. Your directions involve an alias. Do I need this alias?

Can I not just nat on the encryption interface like so?

nat on $enc_if from $internal_ip to $remote_internal_ip -> $private_nat_address?

This is really confusing me.

-Stephen-
