Help with Nortel IPsec on Redhat Linux 2.4.16 using iptables

Sandy Harris sandy@storm.ca
Sun, 13 Jan 2002 16:41:30 -0500


Anoosh Atari wrote:
> 
> Please forgive me if this is a repeat topic, I have searched the net for over
> 30 hours and have found mismatched information on
> how to connect a Windows 2K via a Linux FW/GW on to my company's server using IPSEC etc...
> 
> I am finding confusing information pointing to MASQUERADING versus SNAT etc...,

For a Linux IPsec implementation that you could run on your gateway, see
www.freeswan.org. All the documentation is online there.

The firewall.html section on interaction with firewalls might be useful to you.
As the author, I'd invite feedback from folks on the iptables list. The thing
could probably use improvement.

Down near the end of interop.html, there's also a section on interoperation
with Win 2K IPsec that you should likely look at.

If you don't want to have the gateway doing IPsec, but only passing IPsec
packets through it, and the gateway is doing masquerade/NAT, then the
problem is a bit tricky. IPsec is trying to do end-to-end authentication,
but the NAT is rewriting packets somewhere in the middle. firewall.html
discusses this. A link there gets you to a "VPN Masquerade HowTo" that
offers a solution.
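The last paragraph above is the crux of the thread: an IPsec peer authenticates the packet end to end, while a masquerading gateway rewrites it in the middle. The following is an added illustration, not code from the FreeS/WAN project, the VPN Masquerade HowTo, or either poster. It models IPsec AH in a simplified form: a 20-byte IPv4 header plus payload, an HMAC-SHA1 integrity check value computed the way AH does it (over the payload and the header fields that do not change in transit, with TTL, TOS, flags and checksum zeroed), and then a plain router hop versus a masquerade hop. The key, addresses and payload are constructed for the demo; a real security association gets its key from IKE.

```python
import hashlib
import hmac
import socket
import struct

# Constructed demo key; a real AH security association gets its key from IKE.
KEY = b"constructed-demo-key"
IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options


def build_ipv4_header(src, dst, payload_len, ttl=64, proto=51):
    """Minimal IPv4 header (no options). Protocol 51 = AH. Checksum left 0 here."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def immutable_view(header):
    """Zero the fields AH treats as mutable in transit (TOS, flags/fragment
    offset, TTL, header checksum) so ordinary hops do not break the ICV.
    Source and destination addresses are NOT mutable as far as AH is concerned."""
    f = list(struct.unpack(IPV4_FMT, header))
    f[1] = 0   # TOS
    f[4] = 0   # flags + fragment offset
    f[5] = 0   # TTL
    f[7] = 0   # header checksum
    return struct.pack(IPV4_FMT, *f)


def compute_icv(header, payload, key=KEY):
    """AH-style ICV: HMAC-SHA1 over immutable header fields + payload, truncated to 96 bits."""
    return hmac.new(key, immutable_view(header) + payload, hashlib.sha1).digest()[:12]


def sender(src, dst, payload):
    """The IPsec endpoint behind the gateway builds the packet and its ICV."""
    header = build_ipv4_header(src, dst, len(payload))
    return header, payload, compute_icv(header, payload)


def receiver_verify(header, payload, icv, key=KEY):
    """The company server recomputes the ICV over what it actually received."""
    return hmac.compare_digest(compute_icv(header, payload, key), icv)


def router_hop(header):
    """A plain router only decrements TTL, a mutable field."""
    f = list(struct.unpack(IPV4_FMT, header))
    f[5] -= 1
    return struct.pack(IPV4_FMT, *f)


def masquerade_hop(header, public_addr):
    """A masquerading/SNAT gateway also rewrites the source address."""
    f = list(struct.unpack(IPV4_FMT, router_hop(header)))
    f[8] = socket.inet_aton(public_addr)
    return struct.pack(IPV4_FMT, *f)


# Constructed addresses for the scenario in the thread: a private host behind
# a Linux gateway talking to the company's IPsec server.
PRIVATE_HOST = "192.168.1.10"
GATEWAY_PUBLIC = "203.0.113.5"
COMPANY_SERVER = "198.51.100.20"
PAYLOAD = b"constructed AH-protected payload"


def delivered_direct():
    h, p, icv = sender(PRIVATE_HOST, COMPANY_SERVER, PAYLOAD)
    return receiver_verify(h, p, icv)                    # True


def delivered_via_router():
    h, p, icv = sender(PRIVATE_HOST, COMPANY_SERVER, PAYLOAD)
    return receiver_verify(router_hop(h), p, icv)        # True: TTL is excluded from the ICV


def delivered_via_masquerade():
    h, p, icv = sender(PRIVATE_HOST, COMPANY_SERVER, PAYLOAD)
    return receiver_verify(masquerade_hop(h, GATEWAY_PUBLIC), p, icv)  # False: source address rewritten


if __name__ == "__main__":
    print("direct        :", delivered_direct())
    print("via router    :", delivered_via_router())
    print("via masquerade:", delivered_via_masquerade())
```

The router hop passes because AH deliberately excludes the fields a router is allowed to touch; the masquerade hop fails because the source address is part of what the far end authenticates, and nothing the gateway can do to the packet will make the server's recomputed ICV match. ESP is a different case, since its ICV covers only the ESP payload and not the outer IP header; there the masquerade problem is that ESP carries no port numbers for the gateway to map, which is the sort of thing the VPN Masquerade HowTo referred to above addresses.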