 From:  Sikosis <sikosis at gmail dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
 Date:  Thu, 15 Sep 2005 09:01:12 +1000
I thought Cisco uses X-Auth, which is why it's not supported by m0n0?


On 9/15/05, Stovall, Adrian M. <Adrian dot Stovall at durez dot com> wrote:
> I don't know (and I'll have to ask the admin at the site the m0n0wall
> box is at...that end of the tunnel is a new part of our network that
> we're trying to get connected).
> 
> Where do I tell him to look to find out?
> 
> 
> Adrian Stovall
> 
> #-----Original Message-----
> #From: Jonathan S. Romero [mailto:jromero at raydiance dash inc dot com]
> #Sent: Wednesday, September 14, 2005 2:49 PM
> #To: Stovall, Adrian M.
> #Cc: m0n0wall at lists dot m0n0 dot ch
> #Subject: Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
> #
> #Does m0n0wall use explicit congestion notification?  These
> #symptoms sound like something I was experiencing last week on
> #a linux system.
> #
> #-JonnyRo
> #
> #On Wed, 2005-09-14 at 14:23 -0500, Stovall, Adrian M. wrote:
> #> Hi all.
> #>
> #> I have a peculiar problem between a Cisco router and a m0n0wall box
> #> running the latest beta.
> #>
> #> Here are the symptoms and some details (more detailed ones are
> #> hopefully coming soon):
> #>
> #>
> #> pings sent from the cisco side of the tunnel will bring the tunnel up
> #> with no problem.
> #>
> #> pings sent from the m0n0 side will not bring the tunnel up.
> #>
> #> normal TCP connections initiated from the cisco side of the tunnel are
> #> successful (tested with browsers and remote administrator).
> #>
> #> normal TCP connections initiated from the m0n0 side of the tunnel are
> #> unsuccessful (telnets to any given port result in timeouts).
> #>
> #> pings in both directions to devices on the internal networks on the
> #> opposing side of the tunnel work fine up to 992 bytes.
> #>
> #> MTU on the ethernet interface of the cisco is set to 1380.
> #>
> #> MTU on the internal (and external) interface of the m0n0 box is set to
> #> 1500.
> #>
> #> Both routers are connected to the internet via T-1's (m0n0wall is in
> #> Detroit on a connection from BrightHouse, cisco is in Dallas on a
> #> connection from Qwest).
> #>
> #> At this point, I've seen in the m0n0wall logs that all traffic
> #> destined for the other side of the tunnel is allowed, and that there
> #> are no incoming packets getting denied on the cisco, so I'm shying
> #> away from packet-filtering trouble.
> #>
> #> Does anyone have any ideas on what I should be looking at next?  The
> #> idea of a one-way tunnel is interesting, but not especially handy.
> #>
> #>
> #>
> #> Adrian Stovall
> #>
> #>
> #>
> #>
> #> ---------------------------------------------------------------------
> #> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> #> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> #>
> #--
> #Jonathan S. Romero <jromero at raydiance dash inc dot com> Raydiance Inc.
> #
> #
> 


-- 
Cheers

Sikosis