[strongSwan] Possible to do DNAT on actual IP packet encapsulated in ESP?

Bharath Kumar cbkumar at gmail.com
Fri Jan 11 20:21:34 CET 2013


I have a scenario where I need all the traffic (destined to
various hosts on the rightsubnet) coming in via the ESP tunnel to be
redirected to a local Squid proxy. Without IPsec/ESP, the approach
would have been to do a DNAT in the PREROUTING chain of iptables. That
doesn't apply for the ESP case because the actual IP packet is
encapsulated/encrypted.

I was wondering if anyone could offer any help. I am using 5.0.1.

Thanks.