I do this with the cisco VPN client (to PIX),
I am firewalling with pf.
Client --- FreeBSD firewall+NAT using pf --- internet - PIX
The only problem I had was that isakmp needs to come from
port 500 as well as go to port 500 so I needed to add a rule
To stop pf changing the source port. My nat rules are:
nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \
to any -> ($ext_if:0) port 500
nat on $ext_if from $int_net to any -> $ext_addr1
Havent tried checkpoint though.
Vince
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Mok
> Sent: 07 April 2005 17:15
> To: freebsd-net@freebsd.org
> Subject: FreeBSD Firewall + NAT Traversal + IPsec
>
> Hi,
>
> I'm new to FreeBSD. Is it possible make a FreeBSD box with
> firewall + NAT, such that client PC(s) from the NATed
> internal network could connect to a VPN gateway on the Internet :-
>
> client PC ----- FreeBSD Firewall + NAT ---- Internet ----
> IPsec VPN gateway
> 192.168.x.x/16 (e.g.
> Checkpoint FW-1)
> (VPN client)
>
> I hope someone could help to advise what software is required
> on the FreeBSD box to NAT traversal work and where to get the
> HOWTO(s)?
>
> Thanks a lot.
>
> John Mok
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
