I'm trying to connect a Fedora Core 2 box with IPsec to a Cisco 1720 PIX.
My Linux box is behind a NAT firewall. I have a separate public IP for
the setup, and using DNAT / SNAT all traffic to this IP is routed from
the firewall to the (internal) Linux box. My setup in detail is:
NAT firewall Internet
220.127.116.11 <-----> 18.104.22.168 / 22.214.171.124 <-----> 126.96.36.199
I have *successfully* established a tunnel between 188.8.131.52 and
184.108.40.206 (the PIX sees 220.127.116.11 as 18.104.22.168). I have limited control
over the Cisco PIX, so the usual configuration with 22.214.171.124/24 and
126.96.36.199/24 in ipsec.conf does not work. Instead, my configuration is:
spdadd 188.8.131.52/32 184.108.40.206/32 any -P out
spdadd 220.127.116.11/32 18.104.22.168/32 any -P in
As the Cisco PIX *only* accepts this configuration, I guess this is the
same configuration on the Cisco side as well. Therefore, I must do some
kind of iptables stuff or routing to mangle the packets once they have
come through the tunnel.
Anyway, the tunnel gets established as 22.214.171.124 -> 126.96.36.199.
Using ping on the Cisco box, I now try to ping 188.8.131.52. On the Linux box,
using tcpdump host 184.108.40.206, I can now see the following:
15:02:10.743599 IP (tos 0x0, ttl 255, id 9868, offset 0, flags [none],
proto 47, length: 124) 220.127.116.11 > 18.104.22.168:  IP (tos 0x0, ttl
255, id 162, offset 0, flags [none], proto 1, length: 100) 22.214.171.124 >
126.96.36.199: icmp 80: echo request seq 9927
It seems like my ping packet gets wrapped into something...? If
anybody knows how I can "capture" the 188.8.131.52 > 184.108.40.206 packet from inside
that packet, please let me know.
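Added example, not part of the original post: the tcpdump line above shows an outer IP packet with proto 47, which is GRE (an ESP-protected IPsec tunnel would show proto 50 instead), carrying a 100-byte inner IP packet that holds an 80-byte ICMP echo request. The script below builds a packet of exactly that shape (constructed here; the addresses are RFC 5737 documentation addresses, not the poster's) and then decapsulates it, peeling the outer IPv4 header and the GRE header to recover the inner IP and ICMP headers. It uses only the Python standard library. An ESP packet is rejected explicitly: its payload is encrypted, and only the kernel holding the SA can recover the inner packet, not a parser.

```python
import struct
import ipaddress

GRE_PROTO = 47          # what the capture shows as "proto 47"
ESP_PROTO = 50          # what an IPsec ESP tunnel would show instead
ICMP_PROTO = 1
ETHERTYPE_IPV4 = 0x0800


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over data; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 255, ident: int = 0) -> bytes:
    """Minimal IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
    return hdr + payload


def build_icmp_echo(ident: int, seq: int, data: bytes) -> bytes:
    """ICMP echo request (type 8) with the checksum filled in."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", ones_complement_sum(body)) + body[4:]


def build_gre(inner: bytes) -> bytes:
    """Minimal RFC 2784 GRE header: no C/K/S bits, version 0, protocol type IPv4."""
    return struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner


def parse_ipv4(buf: bytes):
    """Return (header dict, payload) after validating version, lengths and checksum."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", buf[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(buf) < total_len:
        raise ValueError("malformed IPv4 header")
    if ones_complement_sum(buf[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    hdr = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
           "proto": proto, "ttl": ttl, "id": ident, "length": total_len}
    return hdr, buf[ihl:total_len]


def parse_gre(buf: bytes):
    """Return (protocol type, payload), skipping optional checksum/key/sequence fields."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:                      # version field is the low 3 bits
        raise ValueError("unsupported GRE version %d" % (flags & 7))
    off = 4
    if flags & 0x8000:                      # C bit: checksum + reserved1 (RFC 2784)
        off += 4
    if flags & 0x2000:                      # K bit: key (RFC 2890)
        off += 4
    if flags & 0x1000:                      # S bit: sequence number (RFC 2890)
        off += 4
    if len(buf) < off:
        raise ValueError("truncated GRE options")
    return ptype, buf[off:]


def parse_icmp(buf: bytes) -> dict:
    if len(buf) < 8 or ones_complement_sum(buf) != 0:
        raise ValueError("truncated ICMP header or bad ICMP checksum")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", buf[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq, "length": len(buf)}


def outer_kind(buf: bytes) -> str:
    """Classify the outer packet by IP protocol number: 'gre', 'esp' or 'other'."""
    proto = parse_ipv4(buf)[0]["proto"]
    return {GRE_PROTO: "gre", ESP_PROTO: "esp"}.get(proto, "other")


def decapsulate(buf: bytes) -> dict:
    """Peel outer IPv4 + GRE and return the outer, inner and (if ICMP) ICMP headers."""
    kind = outer_kind(buf)
    if kind == "esp":
        raise ValueError("ESP payload is encrypted; only the kernel holding the SA can decapsulate it")
    if kind != "gre":
        raise ValueError("outer packet is not GRE")
    outer, payload = parse_ipv4(buf)
    ptype, inner_buf = parse_gre(payload)
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4 (0x%04x)" % ptype)
    inner, inner_payload = parse_ipv4(inner_buf)
    result = {"outer": outer, "inner": inner}
    if inner["proto"] == ICMP_PROTO:
        result["icmp"] = parse_icmp(inner_payload)
    return result


def sample_packet() -> bytes:
    """Constructed packet with the shape seen in the capture: 124-byte outer IP,
    4-byte GRE, 100-byte inner IP carrying an 80-byte ICMP echo (72 data bytes)."""
    icmp = build_icmp_echo(ident=162, seq=9927, data=bytes(range(72)))
    inner = build_ipv4("198.51.100.1", "198.51.100.2", ICMP_PROTO, icmp, ident=162)
    return build_ipv4("203.0.113.1", "192.0.2.10", GRE_PROTO, build_gre(inner), ident=9868)


if __name__ == "__main__":
    d = decapsulate(sample_packet())
    print("outer %(src)s > %(dst)s proto %(proto)d length %(length)d" % d["outer"])
    print("inner %(src)s > %(dst)s proto %(proto)d length %(length)d" % d["inner"])
    print("icmp type %(type)d id %(id)d seq %(seq)d length %(length)d" % d["icmp"])
```

To apply this to a real capture, feed `decapsulate()` the IP layer of a frame saved with `tcpdump -w` (strip the 14-byte Ethernet header first); the inner header dict is the "188.8.131.52 > 184.108.40.206" packet the post is asking about. If `outer_kind()` reports "esp", the tunnel is actually IPsec and the inner packet only becomes visible after the kernel has decrypted it, i.e. on a capture taken after the SA processing rather than on the wire.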