 From:  "Jonathan Romero" <jromero at raydiance dash inc dot com>
 To:  "Bjoern Euler" <lists at edain dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Ports used by IPSEC connections? My m0n0wall is behind another firewall
 Date:  Mon, 11 Sep 2006 15:58:51 -0400
Hello Bjoern,

This isn't a basic NAT setup, it's actually 1:1.  There is an external
public IP directly mapped to an internal one.  On each side the remote
gateway is explicitly labeled as the public IP on each end.

This is a network to network IPSec bridge using the static
configuration, not the mobile clients.

As far as I know this should work.  But I could very likely be wrong.

Thanks for the link to the FAQ, and taking the time to give me the
port assignments.  I will attempt to get this working and report back.


On 9/11/06, Bjoern Euler <lists at edain dot de> wrote:
> Jonathan Romero wrote:
> > I would like to be able to do IPSEC connections with this unit, but I
> > need to tell the site admin what ports/protocols he needs to open up
> > for this to work.
> You'll need UDP Port 500 and IP Proto 50 (ESP). Depending on the NAT
> implementation on the router in front of your box you may have troubles,
> though.
> Also have a look at this:
> http://doc.m0n0.ch/handbook/faq-ipsec-nat-t.html
> Regards,
> -Björn

Jonathan S. Romero