IPSecurity Nortel Extranet Switch and Netfilters

Fri, 11 Jan 2002 13:15:27 -0500

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C19ACB.F2092A10
Content-Type: text/plain;
	charset="iso-8859-1"

Greetings everyone, I was wondering if anyone has got the nortel VPN client
extranet to work throught netfilter and if so what rules had to be put in
place.

i do SNAT to get out of the network and allow all tcp traffic on the
interface, I also forward all 499-501 upd packet inside the network and no
success. The error i get on the windows machine running the client tells me
that my firewall is probably block IPSecurity Packets. Once i get that going
hopefully i can get freeswan to work but thats another story...

Even if I only have 3 hours of experience with Netfilter I really do love
it. I finally can hit the servers behind our firewall using the external
(internet IP address) while still getting internet IP addresses in our log.

Thanks to the netfilter team!

Any help would be appriciated,
Thanks

Michel Chamberland
Jackson Hewitt
Programmer Analyst
Electronic Filing

ps: please email my address as I am not on the users list, thanks!

The sender believes that this E-mail and any attachments were free of any
virus, worm, Trojan horse, and/or malicious code when sent.  This message
and its attachments could have been infected during transmission.  By
reading the message and opening any attachments, the recipient accepts full
responsibility for taking protective and remedial action about viruses and
other defects.  Jackson Hewitt is not liable for any loss or damage arising
in any way from this message or its attachments.

------_=_NextPart_001_01C19ACB.F2092A10
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2653.12">
<TITLE>IPSecurity Nortel Extranet Switch and Netfilters</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>Greetings everyone, I was wondering if anyone has got =
the nortel VPN client extranet to work throught netfilter and if so =
what rules had to be put in place.</FONT></P>

i do SNAT to get out of the network and allow all tcp =
traffic on the interface, I also forward all 499-501 upd packet inside =
the network and no success. The error i get on the windows machine =
running the client tells me that my firewall is probably block =
IPSecurity Packets. Once i get that going hopefully i can get freeswan =
to work but thats another story...

Even if I only have 3 hours of experience with =
Netfilter I really do love it. I finally can hit the servers behind our =
firewall using the external (internet IP address) while still getting =
internet IP addresses in our log.

<P><FONT SIZE=3D2>Thanks to the netfilter team!</FONT>
</P>

<P><FONT SIZE=3D2>Any help would be appriciated,</FONT>
<BR><FONT SIZE=3D2>Thanks</FONT>
</P>

<P><FONT SIZE=3D2>Michel Chamberland</FONT>
<BR><FONT SIZE=3D2>Jackson Hewitt</FONT>
<BR><FONT SIZE=3D2>Programmer Analyst</FONT>
<BR><FONT SIZE=3D2>Electronic Filing</FONT>
</P>

<P><FONT SIZE=3D2>ps: please email my address as I am not on the users =
list, thanks!</FONT>
<BR><FONT SIZE=3D2>&nbsp;</FONT>
<BR><FONT SIZE=3D2>The sender believes that this E-mail and any =
attachments were free of any virus, worm, Trojan horse, and/or =
malicious code when sent.&nbsp; This message and its attachments could =
have been infected during transmission.&nbsp; By reading the message =
and opening any attachments, the recipient accepts full responsibility =
for taking protective and remedial action about viruses and other =
defects.&nbsp; Jackson Hewitt is not liable for any loss or damage =
arising in any way from this message or its attachments.</FONT></P>

</BODY>
</HTML>
------_=_NextPart_001_01C19ACB.F2092A10--