 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
 Date:  Thu, 15 Sep 2005 01:30:23 +0200
Yep, but X-Auth can be disabled.

But the problem here sounds like remote network mismatch.


Daniele

Sikosis wrote:
> I thought Cisco uses X-Auth, which is why it's not supported by m0n0?
> 
> 
> On 9/15/05, Stovall, Adrian M. <Adrian dot Stovall at durez dot com> wrote:
> 
>>I don't know (and I'll have to ask the admin at the site the m0n0wall
>>box is at...that end of the tunnel is a new part of our network that
>>we're trying to get connected).
>>
>>Where do I tell him to look to find out?
>>
>>
>>Adrian Stovall
>>
>>#-----Original Message-----
>>#From: Jonathan S. Romero [mailto:jromero at raydiance dash inc dot com]
>>#Sent: Wednesday, September 14, 2005 2:49 PM
>>#To: Stovall, Adrian M.
>>#Cc: m0n0wall at lists dot m0n0 dot ch
>>#Subject: Re: [m0n0wall] Cisco - M0n0wall ipsec VPN question
>>#
>>#Does m0n0wall use explicit congestion notification?  These
>>#symptoms sound like something I was experiencing last week on
>>#a linux system.
>>#
>>#-JonnyRo
>>#
>>#On Wed, 2005-09-14 at 14:23 -0500, Stovall, Adrian M. wrote:
>>#> Hi all.
>>#>
>>#> I have a peculiar problem between a Cisco router and a m0n0wall box
>>#> running the latest beta.
>>#>
>>#> Here are the symptoms and some details (more detailed ones are
>>#> hopefully coming soon):
>>#>
>>#>
>>#> pings sent from the cisco side of the tunnel will bring the tunnel up
>>#> with no problem.
>>#>
>>#> pings sent from the m0n0 side will not bring the tunnel up.
>>#>
>>#> normal TCP connections initiated from the cisco side of the tunnel are
>>#> successful (tested with browsers and remote administrator).
>>#>
>>#> normal TCP connections initiated from the m0n0 side of the tunnel are
>>#> unsuccessful (telnets to any given port result in timeouts).
>>#>
>>#> pings in both directions to devices on the internal networks on the
>>#> opposing side of the tunnel work fine up to 992 bytes.
>>#>
>>#> MTU on the ethernet interface of the cisco is set to 1380.
>>#>
>>#> MTU on the internal (and external) interface of the m0n0 box is set to
>>#> 1500.
>>#>
>>#> Both routers are connected to the internet via T-1's (m0n0wall is in
>>#> Detroit on a connection from BrightHouse, cisco is in Dallas on a
>>#> connection from Qwest).
>>#>
>>#> At this point, I've seen in the m0n0wall logs that all traffic
>>#> destined for the other side of the tunnel is allowed, and that there
>>#> are no incoming packets getting denied on the cisco, so I'm shying
>>#> away from packet-filtering trouble.
>>#>
>>#> Does anyone have any ideas on what I should be looking at next?  The
>>#> idea of a one-way tunnel is interesting, but not especially handy.
>>#>
>>#>
>>#>
>>#> Adrian Stovall
>>#>
>>#>
>>#>
>>#>
>>#> ---------------------------------------------------------------------
>>#> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>#> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>#>
>>#--
>>#Jonathan S. Romero <jromero at raydiance dash inc dot com> Raydiance Inc.
>>#
>>#
> 
> 
> 

-- 



	best regards

------------------------------------------------------------------
Daniele Guazzoni
Senior Network Engineer, CCNA, CCNP

Ackersteinstrasse 203
CH-8049 Zurich
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
					William Jennings Bryan