Do you have UDP encapsulation enabled? (Never used the Contivity client,
assuming it can do this.)
You may be running into NAT traversal issues. ESP doesn't use ports;
it's IP protocol 50 (and not *port* 50). As a result it can be
problematic to get a tunnel up through a FW performing NAT. UDP
encapsulation solves this problem by encapsulating ESP traffic inside
UDP packets on port 2746.
See phoneboy for a much better explanation:
Just throwing an idea out there.
Dave Henderson wrote:
> Sorry for asking again but I am unable to connect to my company VPN box
> "Nortel Contivity 4500" from my PC (Contivity Client) behind M0n0wall.
> I did some testing and noticed the logs show traffic passed going out but
> I did not receive any response. I set up a rule to allow all traffic
> from any port from the IP of the Contivity but still did not see any
> info in the logs. If anyone has any suggestions that would be great; I
> have tried "allow fragmented packets" in the firewall:rules LAN Net but
> this did not work. I was also wondering if anyone has a recommended setting
> for the Interfaces:WAN MTU setting?
> Dave Henderson
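
The difference the reply describes, as an added example that is not part of the original thread: it parses two constructed packets and reports what a port-translating NAT device has available to key its state on. The addresses, SPI value, source port and the `nat_view` helper are assumptions made for illustration; protocol 50 and UDP port 2746 come from the reply.

```python
import socket
import struct

ESP_PROTO = 50         # ESP is an IP protocol number, not a port
UDP_PROTO = 17
UDP_ENCAP_PORT = 2746  # UDP encapsulation port named in the reply

def ipv4_header(proto, payload_len, src="192.168.1.10", dst="203.0.113.5"):
    """Minimal 20-byte IPv4 header for a constructed sample (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def nat_view(packet):
    """Return the fields a port-translating NAT can use to track this flow."""
    ihl = (packet[0] & 0x0F) * 4       # header length in bytes
    proto = packet[9]                  # IP protocol field
    payload = packet[ihl:]
    if proto == UDP_PROTO:
        sport, dport = struct.unpack("!HH", payload[:4])
        # Heuristic: traffic on the encapsulation port is assumed to carry ESP.
        return {"proto": "udp", "sport": sport, "dport": dport,
                "encapsulated_esp": UDP_ENCAP_PORT in (sport, dport)}
    if proto == ESP_PROTO:
        # ESP starts with SPI and sequence number; there is no port field.
        spi, _seq = struct.unpack("!II", payload[:8])
        return {"proto": "esp", "sport": None, "dport": None, "spi": spi}
    return {"proto": proto, "sport": None, "dport": None}

# Constructed ESP payload: SPI 0x1001, sequence 1, 16 opaque bytes.
ESP_PAYLOAD = struct.pack("!II", 0x1001, 1) + b"\x00" * 16

# Case 1: native ESP straight inside IP.
RAW_ESP = ipv4_header(ESP_PROTO, len(ESP_PAYLOAD)) + ESP_PAYLOAD

# Case 2: the same ESP payload wrapped in a UDP header (checksum 0).
UDP_HDR = struct.pack("!HHHH", 40000, UDP_ENCAP_PORT, 8 + len(ESP_PAYLOAD), 0)
UDP_ESP = ipv4_header(UDP_PROTO, 8 + len(ESP_PAYLOAD)) + UDP_HDR + ESP_PAYLOAD

if __name__ == "__main__":
    for name, pkt in (("native ESP", RAW_ESP), ("UDP-encapsulated", UDP_ESP)):
        print(name, nat_view(pkt))
```

With native ESP the NAT device sees only addresses and an SPI, so it has no source port to rewrite; the encapsulated packet gives it an ordinary UDP flow to track.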