 From:  dave <dave at rodrig dot com>
 To:  Dave Henderson <hendie at sympatico dot ca>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSec Support
 Date:  Tue, 13 Jan 2004 21:27:53 -0500
do you have udp encapsulation enabled? (never used the contivity client, 
assuming it can do this..)

you may be running into NAT traversal issues....ESP doesn't use ports, 
it's ip protocol 50 (and not *port* 50). As a result it can be 
problematic to get a tunnel up through a FW performing NAT. UDP 
encapsulation solves this problem by encapsulating ESP traffic inside 
UDP packets on port 2746.

see phoneboy for a much better explanation:
http://oldfaq.phoneboy.com/fom-serve/cache/510.html

just throwing an idea out there.

good luck
dave

Dave Henderson wrote:
> Sorry for asking again but I am unable to connect to my company VPN box
> "Nortel Contivity 4500" from my PC (Contivity Client) behind M0n0wall.
> I did some testing and noticed the logs show traffic passed going out but
> I did not receive any response.  I set up a rule to allow all traffic
> from any port from the IP of the Contivity but still did not see any
> info in the logs.  If anyone has any suggestions that would be great; I
> have tried "allow fragmented packets" in the firewall:rules LAN Net but
> this did not work. I was also wondering if anyone has recommended settings
> for the Interfaces:WAN MTU setting?
>  
> Thanks
> Dave Henderson
>
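As an added illustration of the NAT point made in the reply above (not code from the thread, from m0n0wall or from Nortel): a small Python model of what a port-rewriting NAT can key on when it sees plain ESP (IP protocol 50) versus ESP encapsulated in UDP on port 2746. The protocol number and port come from the message; the addresses and packets are constructed samples, and the NAT model is an assumed, simplified port-based NAT, not m0n0wall's actual ipnat behaviour.

```python
import struct
from ipaddress import ip_address

ESP_PROTO = 50          # ESP is IP protocol 50, not a TCP/UDP port
UDP_PROTO = 17
UDP_ENCAP_PORT = 2746   # UDP encapsulation port quoted in the thread

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no checksum) in front of payload; constructed sample only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ip_address(src).packed, ip_address(dst).packed)
    return hdr + payload

def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def classify(pkt):
    """Label a packet and extract the fields a port-based NAT could key on."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, src, dst = pkt[9], str(ip_address(pkt[12:16])), str(ip_address(pkt[16:20]))
    if proto == ESP_PROTO:
        spi = struct.unpack("!I", pkt[ihl:ihl + 4])[0]
        return {"label": "esp", "src": src, "dst": dst, "spi": spi}   # no ports at all
    if proto == UDP_PROTO:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        label = "udp-encap-esp" if dport == UDP_ENCAP_PORT else "udp"
        return {"label": label, "src": src, "dst": dst, "sport": sport, "dport": dport}
    return {"label": "other", "src": src, "dst": dst, "proto": proto}

def nat_outside_key(info, nat_ip, port_pool):
    """Key a simplified port-rewriting NAT (assumption) keeps for return traffic.
    Plain ESP offers only the address pair, so every inside host talking to the same
    gateway collapses to one key; UDP-encapsulated ESP gets a fresh source port per flow."""
    if info["label"] == "esp":
        return ("esp", nat_ip, info["dst"])
    if info["label"].startswith("udp"):
        return (info["label"], nat_ip, info["dst"], port_pool.pop(0), info["dport"])
    return ("other", nat_ip, info["dst"], info["proto"])

def count_collisions(pkts, nat_ip):
    """Number of flows whose NAT key duplicates an earlier one (return traffic ambiguous)."""
    pool = list(range(40000, 40100))
    seen, dup = set(), 0
    for p in pkts:
        k = nat_outside_key(classify(p), nat_ip, pool)
        dup += k in seen
        seen.add(k)
    return dup
```

Two inside hosts sending plain ESP to the same gateway collide on the NAT's key, while the same two hosts using UDP encapsulation do not.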