Hello there, I have the following configuration, IPsec site-to-site, but I have the following problem.

    aaa.bbb.ccc.dda---------aaa.bbb.ccc.ddb------------bbb.ccc.ddd.eea----IPSEC----bbb.ccc.ddd.eeb---------ccc.ddd.eee.ffa
         |____gw aaa.bbb.ccc.ddc

When network ccc.ddd.eee.ffa traverses the IPsec tunnel, I do a NAT rule:

    match out log on $int_if from ccc.ddd.eee.fff/24 to aaa.bbb.ccc.dda nat-to ($int_if:0)

I see with tcpdump the request and reply packets, but I get the following message: host unreachable.

If I add a route

    route add -net ccc.ddd.eee.fff/24 bbb.ccc.ddd.eea

it works.

My doubt is the following: IPsec does the routes on encap; it is possible to see them with:

    netstat -rnf encap

Theoretically the NAT would work without adding a route. Why is a route needed for it to work? Is there another way to do this?

Regards,
Guilherme Hakme