Ipsec is connected but...

Rick Stevens rstevens at vitalstream.com
Wed Nov 9 16:24:24 UTC 2005


On Wed, 2005-11-09 at 00:11 -0200, Rodrigo Faria Tavares wrote:
> Hello,
>  
> Finally I brought up ipsec, but I can't ping the other network. I searched
> many tutorials for the solution,
> but I can't resolve it.
>  
> On the left side I use SNAT for sharing internet, and the right side uses NAT.
>  
>  
> [root at faria ~]# ipsec auto --up velox-to-intrace
> 104 "velox-to-intrace" #1: STATE_MAIN_I1: initiate
> 106 "velox-to-intrace" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "velox-to-intrace" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "velox-to-intrace" #1: STATE_MAIN_I4: ISAKMP SA established
> 112 "velox-to-intrace" #2: STATE_QUICK_I1: initiate
> 004 "velox-to-intrace" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x58ffbfc9 <0x863ed405}
>  
> How can I resolve this problem?

If the destination is NATted, you can't.  You have no idea what its
real IP is, and you don't have a gateway to that network anyway.  NAT
only knows about stuff that was initiated on its private network side,
NOT the public side.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
- Millihelen, adj: The amount of beauty required to launch one ship. -
----------------------------------------------------------------------
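
An added example, not part of the original message: a small Python parser for the `ipsec auto --up` output quoted above. It reports whether both the ISAKMP SA and the IPsec SA were negotiated, which separates a key-exchange failure from the NAT/routing question the reply addresses. The sample text is the output from the post with the wrapped line joined; the function names are hypothetical.

```python
import re

# Output quoted in the post above (wrapped line joined, spacing restored).
SAMPLE = """\
104 "velox-to-intrace" #1: STATE_MAIN_I1: initiate
106 "velox-to-intrace" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "velox-to-intrace" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "velox-to-intrace" #1: STATE_MAIN_I4: ISAKMP SA established
112 "velox-to-intrace" #2: STATE_QUICK_I1: initiate
004 "velox-to-intrace" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x58ffbfc9 <0x863ed405}
"""

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (STATE_\w+): (.*)$')
ESP = re.compile(r'ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')

def summarize(text):
    """Return per-connection negotiation status from `ipsec auto --up` output."""
    conns = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a status line
        _code, name, sa, state, detail = m.groups()
        c = conns.setdefault(name, {"phase1": False, "phase2": False,
                                    "esp_spis": None, "states": []})
        c["states"].append((int(sa), state))
        if state.startswith("STATE_MAIN_") and "ISAKMP SA established" in detail:
            c["phase1"] = True
        if state.startswith("STATE_QUICK_") and "IPsec SA established" in detail:
            c["phase2"] = True
            esp = ESP.search(detail)
            if esp:
                c["esp_spis"] = esp.groups()  # the two SPIs, in printed order
    return conns

def report(text):
    lines = []
    for name, c in summarize(text).items():
        lines.append(f"{name}: phase1={c['phase1']} phase2={c['phase2']} "
                     f"esp_spis={c['esp_spis']}")
        if c["phase1"] and c["phase2"]:
            # Both SAs negotiated: a failed ping is then a NAT/routing
            # question, not a key-exchange one, as in this thread.
            lines.append(f"{name}: negotiation complete; look at NAT and routing")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```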




