"Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> For packets entering the system from the network, the processing
> order is,
>
> (network) ---> ipfw ---> IPsec ---> (remainder of IP stack)
>
> And outgoing,
>
> (system) ---> IPsec ---> ipfw ---> (network)
>
> (It's actually a bit more hairy t

On Fri, Oct 31, 2003 at 09:45:25AM -0600, Mark Johnston wrote:
> "Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> > On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> > > - gateway receives an ESP packet from mobile (encapsulating a ping).
> > > - gateway decrypts and transmits an ICMP p

"Crist J. Clark" <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> > - gateway receives an ESP packet from mobile (encapsulating a ping).
> > - gateway decrypts and transmits an ICMP packet to internal with mobile's
> > source address.
> > - internal ge

On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote:
> [ -netters, please Cc me or security@ with replies. ]
>
> I'm running into trouble integrating dynamic racoon-based IPSec into a network
> with ipfw and natd. I need to be able to allow VPN access from any address
> from authenticat

[ -netters, please Cc me or security@ with replies. ]

I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SA