On Mon, Feb 25, 2002 at 03:50:57PM -0500, Charles Stack wrote:
> We're trying to connect an ipsec client to an ipsec server through an
> iptables-based firewall.
> It seems that the firewall is blocking protocol 50 traffic.
>
> Is it possible to get this traffic to pass through cleanly?
> If so, how?

'-p 50' for ESP and '-p 51' for AH should do it. Don't forget to let the IKE stuff through.

> I'm guessing right now that I'm going to have to provide a routable static
> ip to the workstation thus giving that machine raw internet access. Ugh.

As opposed to what? natting? Yes. AH definitely doesn't work with nat but not sure about ESP.

Ramin

> Thanks,
>
> Charles
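
Added example, not part of the original thread: the '-p 50' / '-p 51' matches from the reply written out as FORWARD rules, together with IKE, for a firewall that routes between the two peers without NAT. The peer addresses, the choice of the FORWARD chain, the IPT dry-run variable, the function name and UDP port 500 for IKE are assumptions of this example.

```shell
#!/bin/sh
# Added example: pass IPsec between one client and one server through a
# routing (non-NAT) iptables firewall. Nothing here comes from the thread
# except the '-p 50' (ESP) and '-p 51' (AH) matches.

# Dry run by default: the commands are printed, not executed.
# Set IPT=iptables (as root) to actually append the rules.
IPT=${IPT:-echo iptables}

# Hypothetical helper: ipsec_passthrough CLIENT_IP SERVER_IP
ipsec_passthrough() {
    client=$1
    server=$2
    if [ -z "$client" ] || [ -z "$server" ]; then
        echo "usage: ipsec_passthrough CLIENT_IP SERVER_IP" >&2
        return 1
    fi

    # IKE key exchange (assumption: classic IKE on UDP port 500, no NAT-T).
    $IPT -A FORWARD -p udp -s "$client" -d "$server" --dport 500 -j ACCEPT
    $IPT -A FORWARD -p udp -s "$server" -d "$client" --dport 500 -j ACCEPT

    # ESP is IP protocol 50, AH is IP protocol 51; allow both directions,
    # restricted to the two peers rather than opened for every host.
    for proto in 50 51; do
        $IPT -A FORWARD -p "$proto" -s "$client" -d "$server" -j ACCEPT
        $IPT -A FORWARD -p "$proto" -s "$server" -d "$client" -j ACCEPT
    done
}

# Constructed sample addresses (documentation ranges, not real hosts).
ipsec_passthrough 192.0.2.10 198.51.100.20
```

Review the printed commands first; the rules only take effect if they are appended ahead of any DROP or REJECT rule already in the chain.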
