tech-net: IPSec transport mode on gateway?

Subject: IPSec transport mode on gateway?
To: None <tech-net@netbsd.org>
From: Neil Ludban <nludban@columbus.rr.com>
List: tech-net
Date: 05/01/2002 20:17:52

Hi,

My network looks like this:

    A -- B -- C

A = ancient Linux box, no IPSec
B = NetBSD (1.5.2) router
C = embedded device, with transport mode ESP

(Note A and C are on private subnets, B also NATs to a
3rd public interface.)

I'd like to use B to encrypt and decrypt packets for A.
The policy on B to add transport mode ESP on packets from
A to C works, but I can't figure out how to setup a policy
so B will decrypt packets from C to A.  Can this be done?

I'm guessing this is a rather unusual application that was
never intended to be supported :-)

Thanks,

	-Neil