current-users: NAT stops working with IPSEC kernel

Subject: NAT stops working with IPSEC kernel
To: None <current-users@netbsd.org>
From: Paul Newhouse <newhouse@rockhead.com>
List: current-users
Date: 03/26/2000 13:10:02

Platform i386

I'm probably doing something stupidly obvious but, I'm newbie to IPSEC.

I compile a kernel with IPSEC the same config files that used to work 
for NAT stop working.  I see log messages like:

  Mar 26 12:50:45 bigbox /netbsd: ipsec4_set_policy: invalid direction=0

(Don't know if it's related or not?)

I'm not sure how these settings affects things (I have no IPV6 interfaces):

  net.inet.ipsec.def_policy = 1
  net.inet6.ipsec6.def_policy = 1
  net.inet6.ipsec6.ah_net_deflev = 1
  net.inet6.ipsec6.ah_trans_deflev = 1
  net.inet6.ipsec6.esp_net_deflev = 1
  net.inet6.ipsec6.esp_trans_deflev = 1
  net.inet.ipsec.ah_net_deflev = 1
  net.inet.ipsec.ah_trans_deflev = 1
  net.inet.ipsec.esp_net_deflev = 1
  net.inet.ipsec.esp_trans_deflev = 1

setkey -D says there are no SAD entires.

I need to get my default systemto work than I can work on getting the IPSEC
connection to the Bay box at work.

I have no idea what's wrong.  HELP!!!!

TIA,
Paul