Subject: racoon (ipsec) and NAT
To: None <>
From: Pierre Bourgin <>
List: tech-net
Date: 07/04/2002 13:26:48

I am trying to establish an esp-tunnel between two NetBSD-1.5.2/i386 boxes and ( supposed to be a public IP address) --- NAT -----(internet)------

My problem is that one of the boxes ( is NATed (a
supposed public IP address).

So the ESP tunnel must be established between and in
the following way:

  - between and for host
  - between and for host

right ?

so, since I want to use pre_shared key in racoon (in file
/etc/racoon/psk.txt), I use this:

   ' test_esp'  in file 
   ' test_esp' in file

But this configuration does not work, racoon failed to negotiate correctly
the phase 1 of negotiation .....


- is it possible to establish an esp-tunnel with a NAT in-between the 2
  sides of the esp-tunnel ?

- have I done something wrong in my configuration ?

I looked on the net, but it's really difficult to find practical docs about the IKE
protocol or information on racoon for that configuration :(

Thanks for your help, ideas or clue(s) !


Pierre Bourgin