tech-net archive


Re: IPsec vs ssh



Darren Reed <darrenr%netbsd.org@localhost> writes:

> On 12/11/2013 12:37 PM, Greg Troxel wrote:
>> 
>> Darren Reed <darrenr%netbsd.org@localhost> writes:
>> 
>>   They have to match on both ends, inversely.
>
> When NAT is involved and NetBSD is behind the NAT device, how can they?

I meant that the inbound policy on one system has to match the same
packets that the outbound policy on the other system matches.  So if you
are using wildcard on address and just destination ports on machines
with global addresses, that should be ok.

Attachment: pgpEunAnugReD.pgp
Description: PGP signature
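
Added example (not part of the original message or of NetBSD): a small Python check that every outbound SPD entry on one host has an inbound entry with the identical selector on the peer, which is the "match on both ends, inversely" rule described above. The setkey(8) policy lines, the addresses and port 22 are constructed sample values, and comparing selectors as literal text is a simplifying assumption.

```python
import re

# One setkey(8) line: spdadd src[port] dst[port] upperspec -P direction policy;
SPD_RE = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+(.*?);", re.M)

def parse_spd(conf):
    """Return {(direction, src, dst, proto): policy_text} for each spdadd line."""
    return {(d, s, t, p): pol.strip() for s, t, p, d, pol in SPD_RE.findall(conf)}

def unmirrored(local, peer):
    """Outbound selectors on `local` lacking an identical inbound selector on `peer`.

    The same packet is seen by both hosts, so src/dst are NOT swapped:
    only the direction keyword is inverted.
    """
    peer_in = {k[1:] for k in parse_spd(peer) if k[0] == "in"}
    return sorted(k[1:] for k in parse_spd(local)
                  if k[0] == "out" and k[1:] not in peer_in)

# Constructed sample: wildcard addresses, destination port only.
CLIENT_WILD = """
spdadd 0.0.0.0/0 0.0.0.0/0[22] tcp -P out ipsec esp/transport//require;
spdadd 0.0.0.0/0[22] 0.0.0.0/0 tcp -P in  ipsec esp/transport//require;
"""
SERVER_WILD = """
spdadd 0.0.0.0/0 0.0.0.0/0[22] tcp -P in  ipsec esp/transport//require;
spdadd 0.0.0.0/0[22] 0.0.0.0/0 tcp -P out ipsec esp/transport//require;
"""

# Constructed sample: address-specific entries where the two ends name
# different client addresses (documentation and private ranges only).
CLIENT_ADDR = """
spdadd 192.168.1.10/32 203.0.113.5/32[22] tcp -P out ipsec esp/transport//require;
spdadd 203.0.113.5/32[22] 192.168.1.10/32 tcp -P in  ipsec esp/transport//require;
"""
SERVER_ADDR = """
spdadd 198.51.100.7/32 203.0.113.5/32[22] tcp -P in  ipsec esp/transport//require;
spdadd 203.0.113.5/32[22] 198.51.100.7/32 tcp -P out ipsec esp/transport//require;
"""

if __name__ == "__main__":
    for name, a, b in (("wildcard", CLIENT_WILD, SERVER_WILD),
                       ("per-address", CLIENT_ADDR, SERVER_ADDR)):
        print(name, "client->server:", unmirrored(a, b))
        print(name, "server->client:", unmirrored(b, a))
```

Run it in both directions, since each host's outbound entries must be covered by the other's inbound entries.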


