Subject: Re: IPSec/NAT forwarding
To: Herb Singleton <hsingleton@mac.com>
From: None <mcmahill@mtl.mit.edu>
List: port-mac68k
Date: 03/06/2001 07:56:36
IP NAT messes with the IP packets (rewrites source/destination addresses
and ports), but IPsec prevents packets which have been tampered with, so
they don't play well together.  

-Dan


On Tue, 6 Mar 2001, Herb Singleton wrote:

> Has anyone had any luck forwarding IPsec packets through IP NAT?
> 
> My setup: Win 2000 box running Raptor firewall client connected via DHCP to Quadra 650 running NetBSD 1.4.2. The NetBSD box is connected to the internet via cable modem (also through DHCP). 
> 
> Normal internet access works fine. When we try to connect over the tunnel through the NetBSD box to our company's Raptor firewall (outside network) we find that we can connect okay (at least we get a connection confirmation) but nothing else works. 
> 
> Any ideas if/how to configure IPNAT rules to allow these connections through? I am currently using Erik Winkler's ipf.conf (with a few modifications).
> 
> Thanks
> 
> Herb
> ___________________________________________________________
> Herb Singleton
> hsingleton@mac.com
> Everything in acoustics: http://www.cross-spectrum.com
>
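
The conflict described in the reply above, as an added example that is not part of the original thread: a simplified model of an AH-style integrity check (HMAC-SHA1-96 over the IP header with in-transit mutable fields zeroed, plus the payload), showing that an ordinary router hop still verifies while a NAT source rewrite does not. The key, addresses and payload are constructed, and the AH header itself is left out of the hashed data for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-sa-key"  # constructed key standing in for the SA's auth key

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (protocol 51 = AH); checksum left at 0 in this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(header):
    """Zero the fields AH treats as mutable in transit before hashing."""
    h = bytearray(header)
    h[1] = 0                  # type of service
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_icv(header, payload, key=KEY):
    """ICV = HMAC-SHA1 truncated to 96 bits over immutable header fields + payload."""
    return hmac.new(key, zero_mutable(header) + payload, hashlib.sha1).digest()[:12]

def ah_verify(header, payload, icv, key=KEY):
    return hmac.compare_digest(ah_icv(header, payload, key), icv)

def router_hop(header):
    """What a plain router changes: TTL only (a mutable field, excluded from the ICV)."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(header, new_src):
    """What NAT changes: the source address, which the ICV covers."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def demo():
    payload = b"constructed upper-layer payload"
    sent = ipv4_header("192.168.1.10", "203.0.113.5", ttl=64, payload_len=len(payload))
    icv = ah_icv(sent, payload)                  # computed by the sender
    routed = router_hop(sent)                    # forwarded without NAT
    natted = nat_rewrite_source(routed, "198.51.100.7")  # forwarded through NAT
    return {"routed_only": ah_verify(routed, payload, icv),
            "after_nat": ah_verify(natted, payload, icv)}

if __name__ == "__main__":
    print(demo())
```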