foundry27 : Post

Forum Topic - IPSec Pass through: (2 Items)

View: as

srikanth chandragiri(deleted)

05/03/2015 3:29 PM

post113769

I need to support passthrough of IPSec connections (RFC 3715 ) 
IPSEC packets to pass through a NAT router. 

Could you please help me in suggesting hints libraries conf files etc.. to start with. 

Thanks

Nick Reilly

05/04/2015 9:38 AM

post113771

Re: IPSec Pass through

Are you looking for NAT configuration or the IPsec configuration? If you are looking for IPsec configuration are you 
using setkey, racoon or racoon2?

The usual way to get IPsec to work through NAT is to use tunnel mode and UDP encapsulate it. For NAT our PF 
implementation will just see it as UDP traffic and NAT it as normal. 

For documentation on configuring the pf rules see pf.conf
http://www.qnx.com/developers/docs/660/index.jsp?topic=%2Fcom.qnx.doc.neutrino.utilities%2Ftopic%2Fp%2Fpf.conf.html&
resultof=%22pf%2econf%22%20

For the IPsec configuration see setkey and racoon
http://www.qnx.com/developers/docs/660/index.jsp?topic=%2Fcom.qnx.doc.core_networking%2Ftopic%2Fsecurity_IPsec_Tools.
html&resultof=%22setkey%22%20%22setkei%22%20

Return

The text you entered is not a valid object ID
More Information
Object IDs begin with an object prefix and end with a number. For example, if you enter
artf2345
the application will jump directly to an artifact with the ID artf2345. Some valid object prefixes are:
artf	for an artifact
doc	for a document
page	for a project page
topc	for a discussion topic
wiki	for a wiki page