Firewall Wizards mailing list archives
Re: VPN
From: Jeffery.Gieser () minnesotamutual com
Date: Mon, 5 Feb 2001 08:42:23 -0600
Sandra,

#A) Since IPs at both subnets are private do we need to use
#Masquerading at GW1 and GW2 in order to route packets through
#the VPN or does IPSec encapsulation provide for this already?

The IPSec encapsulated packet will have the IP address of the GW1 or GW2 since they are the endpoints of the VPN.

#B) We have been sniffing the packets sent from GW1 to GW2 through
#the ipsec0 interface and we've seen that the destination IP is a
#private IP from Site How can this be? If that's going on to the
#Internet it won't get routed... or could it be that tcpdump is
#interpreting IPSec?

Try the real network interface eb0, exp0 or whatever. The ipsec0 interface is looking at the traffic after it has been decrypted by the VPN. The ipsec0 interface should allow you to write firewall rules to be applied to the traffic after it has been decrypted.

Regards,
Jeffery Gieser

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
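The two sniffer views discussed in the message above, as an added example that is not part of the original post: a simplified ESP tunnel-mode encapsulation showing that the cleartext packet carries the private addresses while the packet on the physical interface carries only the gateway addresses. The addresses, SPI and the XOR stand-in for encryption are assumptions made for illustration; real ESP also adds padding, a next-header byte and an integrity check value.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def describe(packet):
    """What a sniffer reads from the first IPv4 header: (src, dst, protocol)."""
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9]

def opaque(data, key=0x5A):
    """Stand-in for ESP encryption (NOT a real cipher): only hides the bytes."""
    return bytes(b ^ key for b in data)

def esp_tunnel_encapsulate(inner, gw_src, gw_dst, spi, seq):
    """Tunnel mode: the whole inner packet becomes ESP payload behind a new outer header."""
    esp = struct.pack("!II", spi, seq) + opaque(inner)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def esp_tunnel_decapsulate(outer):
    """Peer gateway: strip outer header (20) and SPI/sequence (8), recover the inner packet."""
    return opaque(outer[20 + 8:])

# Constructed sample: a host on one private LAN talking to a host on the other.
payload = b"hello"  # placeholder bytes, not a real TCP segment
inner = ipv4_header("10.0.1.10", "10.0.2.20", 6, len(payload)) + payload
# Assumed public gateway addresses, taken from the documentation ranges.
outer = esp_tunnel_encapsulate(inner, "192.0.2.1", "198.51.100.1",
                               spi=0x1000, seq=1)

if __name__ == "__main__":
    print("ipsec0 view (cleartext):", describe(inner))
    print("physical interface view:", describe(outer))
    print("after decapsulation    :", describe(esp_tunnel_decapsulate(outer)))
```

Because the outer header is routable on its own, no masquerading of the private addresses is needed for the tunnelled traffic, and filtering by private address is only possible on the cleartext side.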