Re: [m0n0wall] m0n0wall does not pass IPSEC traffic?

From:	Melvin Backus <mbackus at bellsouth dot net>
To:	"Eileen Kelleher" <eileen at kelltech dot biz>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] m0n0wall does not pass IPSEC traffic?
Date:	Thu, 08 Jan 2004 05:51:51 -0500

At 02:15 AM 1/8/2004, Eileen Kelleher wrote:
>I have encountered a serious problem, at least for me.  The firewall
>does not seem to be able to pass any IPSEC traffic from the LAN segment
>to the WAN connection.  Does anyone have a clue what I could do to
>enable this?
>
>I lowered the MTU to ensure encapsulation wouldn't be the problem, this
>fixed it for a NetScreen firewall when I encountered the same symptoms
>before.
>
>I am using a safenet client on a windows XP system to connect out to a
>remote netscreen endpoint.  It gets a connection but cannot pass any
>traffic.
>
>Any ideas?
>
>Eileen Kelleher
>eileen at kelltech dot biz

Just from past experience and the fact that in spite of knowing better I've 
still done it myself, make sure that your internal lan address isn't in the 
same subnet as the lan on the other side of the Netscreen.  That will 
exhibit precisely those symptoms.


----------------------------------------
Good, Fast, Cheap... Pick any two
----------------------------------------