Hi Markus, There's the parameter nat-traversal=on, which could be set in your ipsec.conf. It should do the trick for you. For more information there's a whole ipsec/vpn universe to explore on www.spenneberg.de. Cheers, Stefan
From: Markus Feilner [mailto:lists@feilner-it.net] Subject: [suse-security] openswan, cisco pix and nat problem
Hello List, I have a problem with connections to a cisco pix. The VPN Partner wants me to nat/masquerade my traffic with my outside public IP. How do I specify that in my ipsec.conf? Are the following lines correct? left=my_pub_IP leftsubnet=local_subnet right=pub_IP_of_vpn_partner rightsubnet=remote_subnet Or do I have to insert the remote_IP/32 in the righsubnet field?
The other question is: Has anybody solved Masquerading/Natting the VPN traffic, so that connections from several local to several remote hosts are possible?
Thanks for helping!
-- mit freundlichen Grüssen, Markus Feilner -- Feilner IT Linux & GIS Linux Solutions, Training, Seminare und Workshops - auch Inhouse Beraiterweg 4 93047 Regensburg fon +49 941 9465243 fax +49 941 9465244 mobil + +49 170 3027092 mail mfeilner@feilner-it.net web http://www.feilner-it.net
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here