I do this with the Cisco VPN client (to PIX); I am firewalling with pf.

Client --- FreeBSD firewall+NAT using pf --- internet - PIX

The only problem I had was that isakmp needs to come from port 500 as
well as go to port 500, so I needed to add a rule to stop pf changing
the source port. My nat rules are:

    nat on $ext_if inet proto { tcp, udp } from $int_net port = 500 \
        to any -> ($ext_if:0) port 500
    nat on $ext_if from $int_net to any -> $ext_addr1

Haven't tried Checkpoint though.

Vince

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of John Mok
> Sent: 07 April 2005 17:15
> To: freebsd-net@freebsd.org
> Subject: FreeBSD Firewall + NAT Traversal + IPsec
>
> Hi,
>
> I'm new to FreeBSD. Is it possible to make a FreeBSD box with
> firewall + NAT, such that client PC(s) from the NATed
> internal network could connect to a VPN gateway on the Internet :-
>
> client PC ----- FreeBSD Firewall + NAT ---- Internet ---- IPsec VPN gateway
> 192.168.x.x/16                                             (e.g. Checkpoint FW-1)
> (VPN client)
>
> I hope someone could help to advise what software is required
> on the FreeBSD box to make NAT traversal work and where to get the
> HOWTO(s)?
>
> Thanks a lot.
>
> John Mok
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
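
Added example (not part of the original thread or of pf): one way to confirm that the first nat rule above is doing its job is to capture outbound ISAKMP on the external interface with `tcpdump -n` and check that the post-NAT source port is still 500. The addresses, the sample lines and the function name are constructed for illustration; the line layout assumed is tcpdump's usual `IP src.port > dst.port:` form.

```python
import re
from collections import defaultdict

IKE_PORT = 500

# Matches the address part of a `tcpdump -n` IPv4 line, e.g.
#   17:15:02.10 IP 203.0.113.5.500 > 198.51.100.1.500: isakmp: ...
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def audit_ike_source_ports(lines, ext_addr):
    """Summarise outbound IKE packets per VPN peer.

    Only packets sent from ext_addr (the firewall's post-NAT address)
    to UDP/500 are counted; replies and unrelated traffic are skipped.
    Returns {peer: {"kept": count, "rewritten": [source ports seen]}}.
    """
    report = defaultdict(lambda: {"kept": 0, "rewritten": []})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 UDP/TCP line in the assumed layout
        if m["src"] != ext_addr or int(m["dport"]) != IKE_PORT:
            continue  # inbound reply, or not IKE
        entry = report[m["dst"]]
        sport = int(m["sport"])
        if sport == IKE_PORT:
            entry["kept"] += 1          # NAT left the source port alone
        else:
            entry["rewritten"].append(sport)  # NAT picked a new port
    return dict(report)

# Constructed capture: first packet taken without the port-500 nat rule,
# the rest with it loaded.
SAMPLE = [
    "17:15:02.10 IP 203.0.113.5.61022 > 198.51.100.1.500: isakmp: phase 1 I ident",
    "17:16:40.31 IP 203.0.113.5.500 > 198.51.100.1.500: isakmp: phase 1 I ident",
    "17:16:40.52 IP 198.51.100.1.500 > 203.0.113.5.500: isakmp: phase 1 R ident",
    "17:16:41.00 IP 203.0.113.5.53411 > 192.0.2.53.53: 4242+ A? example.org. (29)",
    "17:16:42.00 ARP, Request who-has 203.0.113.1 tell 203.0.113.5, length 28",
]

if __name__ == "__main__":
    for peer, r in audit_ike_source_ports(SAMPLE, "203.0.113.5").items():
        print(peer, "kept:", r["kept"], "rewritten:", r["rewritten"])
```

Any entry in "rewritten" means the general nat rule matched the packet before the port-500 rule did, or the port-500 rule is missing.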