[ previous ] [ next ] [ threads ]
 
 From:  Wilko Lunenburg <w dot lunenburg at kanteff dot nl>
 To:  "M0n0wall (E-mail)" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  ipsec tunnel with monowall behind nat-router
 Date:  Wed, 7 Sep 2005 17:23:54 +0200
Is is possible to make the following setup work. I am trying to make a ipsec
tunnel to a monowall that is behind a adsl router doing nat. This is the
setup:

 ------      ------      ------
 | pc  |     |mono |     |router
 | 1   |-----|wall |-----| NO  |
 |     |     |1    |     | nat |
 ------      ------      ------
                            |
                            |
                       internet
                            | 
                            |
                          ------
                          |router
                          | WITH|
                          | nat |
                          ------
                             |
                             |
                          ------
                          |mono |
             -------------|wall |
             other lan    |2    |
                          ------

Just in case it is important, here are the ip-addresses:

pc 1 is on 10.10.100.240 and it uses Safenet Softremote VPN client software.

monowall 1 is on 10.10.100.250 and on 195.240.1.123 (internet side) and it
connects to a router on 195.240.123.1. Both ip-addresses are direct on the
internet.

The router on the other side (WITH nat) has 80.100.123.1 (internet side) and
10.0.0.138 on the inside. It has a "default server" setting that should
forward everything to a server on the inside, in this case the monowall 2.

monowall 2 is on 10.0.0.150 and on the local LAN side it is on 192.168.77.1

Now what is think is that the router WITH nat is the problem because it
changes the ip-address to with the packets are sent. I configured the VPN
client to connect to 80.100.123.1 but the monowall actually is on
10.0.0.150. Is there a way to make this work? Any pointers to documents, my
searches around the net didn't help...

Thanks,


Wilko Lunenburg