Mario Fetka wrote:
>
> So how can I connect these networks?
I have no idea if you can make that work or not. But I suspect that you need
to set up NETMAP on the firewall's external interface and adjust the IPSEC
security policies on each end to use the post-NETMAP addresses on output and
the pre-NETMAP addresses on input. That is because you want NETMAP to occur
on output _before_ the packets get transformed to ESP. Similarly, on input,
the packets will be transformed before NETMAP is applied. So the incoming
security policies need to apply to the pre-NETMAP packets.
But that is only a guess and I'm not going to help you further with it.
This would obviously be a lot easier if you used OpenVPN rather than IPSEC,
which is what I recommend.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key