On Sunday 12 March 2006 17:13, Dave Kempe wrote:
> Hi,
> Just seeking some clarification on the current state of play with masqing
> ipsec connections.
> I have a client who establishes many different outbound ipsec connections.
> So that's - many local clients, through linux firewall, to many different
> ipsec 'servers'.
> They currently assign a public ip for outbound nat to each user to connect
> out to the ipsec connection, so we have a one to one mapping from public ip
> to private ip. This way we can tell the remote ipsec gateways the correct
> source address.
> Just to confirm:
> Is this the only way of handling lots of outbound ipsec connections?
> Does the same:nodst combo in /etc/shorewall/masq help with managing this?
> Is there any way I can make all the ipsec connections appear to come from
> the same ip?
>
> any pointers or help much appreciated.
I don't understand the problem -- if you are using NAT Traversal, you should
just be able to use normal UDP masquerading with a single IP address. What am
I missing?
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
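As an added illustration of the "normal UDP masquerading" Tom refers to (this is not configuration from the original thread, and the interface name, subnet and address are assumed for the example), the relevant Shorewall entries look like this. NAT Traversal (RFC 3947 for the IKE negotiation, RFC 3948 for UDP-encapsulated ESP) wraps the ESP traffic in UDP port 4500 precisely so that a port-translating NAT can carry it, so each internal client's IKE and NAT-T flows get their own translated source port on the one public address and no per-user public IP is needed:

```text
# /etc/shorewall/masq (example, not from the thread)
# Masquerade the whole internal subnet behind a single public address.
# Leave ADDRESS empty for MASQUERADE (dynamic address); set it for SNAT to a fixed IP.
#INTERFACE   SOURCE            ADDRESS
eth0         192.168.1.0/24    203.0.113.10

# /etc/shorewall/rules (example, not from the thread)
# Only needed if the loc->net policy is not already ACCEPT.
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    loc      net    udp     500,4500     # IKE and NAT-T (UDP-encapsulated ESP)
```

Caveat a practitioner would check: this only holds when both ends actually negotiate NAT-T. A client whose peer does not support NAT-T will send raw ESP (IP protocol 50), which has no ports for the masquerader to rewrite, and that is the situation where the one-public-IP-per-user mapping from the original question is needed. Verifying that the tunnel's data traffic is leaving on UDP 4500 rather than protocol 50 (for example with tcpdump on the external interface) tells you which case you are in.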