Firewall Wizards mailing list archives

Re: VPN


From: Jeffery.Gieser () minnesotamutual com
Date: Mon, 5 Feb 2001 08:42:23 -0600


Sandra,

#A) Since IPs at both subnets are private do we need to use
#Masquerading at GW1 and GW2 in order to route packets through
#the VPN or does IPSec encapsulation provide for this already?

The IPSec encapsulated packet will have the IP address of GW1 or GW2
since they are the endpoints of the VPN.

#B) We have been sniffing the packets sent from GW1 to GW2 through
#the ipsec0 interface and we've seen that the destination IP is a
#private IP from Site How can this be? If that's going on to the
#Internet it won't get routed... or could it be that tcpdump is
#interpreting IPSec?

Try the real network interface eb0, exp0 or whatever.  The ipsec0 interface
is looking at the traffic after it has been decrypted by the VPN.  The
ipsec0 interface should allow you to write firewall rules to be applied to
the traffic after it has been decrypted.

Regards,
Jeffery Gieser

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
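
The difference between a capture on ipsec0 and one on the physical interface, as an added illustration that is not part of the original message: the inner packet keeps its private addresses, while the tunnel-mode ESP packet on the wire carries only the gateway addresses. The gateway and host addresses are constructed, the function names are hypothetical, and the XOR step is only a stand-in for the negotiated ESP cipher.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number carried in the outer header for IPsec ESP
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed addresses (documentation ranges) standing in for GW1 and GW2.
GATEWAYS = {ipaddress.IPv4Address("198.51.100.1"),
            ipaddress.IPv4Address("203.0.113.1")}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def esp_tunnel(inner, gw_src, gw_dst, spi=0x1000, seq=1):
    """Wrap a whole inner packet in ESP tunnel mode between two gateways."""
    # XOR is only a stand-in for the negotiated ESP cipher, not encryption.
    opaque = bytes(b ^ 0xA5 for b in inner)
    esp = struct.pack("!II", spi, seq) + opaque
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def parse_ipv4(pkt):
    """Return (src, dst, proto) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return (ipaddress.IPv4Address(pkt[12:16]),
            ipaddress.IPv4Address(pkt[16:20]), pkt[9])

def classify_external(pkt):
    """Classify a packet captured on the physical (Internet-facing) interface."""
    src, dst, proto = parse_ipv4(pkt)
    if proto == ESP and src in GATEWAYS and dst in GATEWAYS:
        return "esp-tunnel"
    if any(a in net for a in (src, dst) for net in RFC1918):
        return "private-cleartext"  # private addresses in the clear: ipsec0 view
    return "other"

# Constructed inner packet: a host behind GW1 to a host behind GW2 (TCP).
inner = ipv4_header("192.168.1.10", "192.168.2.20", 6, 0)
outer = esp_tunnel(inner, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("ipsec0 view  :", parse_ipv4(inner), classify_external(inner))
    print("physical view:", parse_ipv4(outer), classify_external(outer))
```

A `private-cleartext` result for a packet captured on the physical interface would mean traffic is leaving outside the tunnel.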

