 From:  "Dave Henderson" <hendie at sympatico dot ca>
 To:  <dave at rodrig dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSec Support
 Date:  Wed, 14 Jan 2004 21:49:18 -0500
Thanks, I am going to try the Checkpoint VPN client.

-----Original Message-----
From: dave [mailto:dave at rodrig dot com] 
Sent: Tuesday, January 13, 2004 9:28 PM
To: Dave Henderson
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSec Support

do you have udp encapsulation enabled? (never used the contivity client, assuming it can do this..)

you may be running into NAT traversal issues....ESP doesn't use ports, 
it's ip protocol 50 (and not *port* 50). As a result it can be 
problematic to get a tunnel up through a FW performing NAT. UDP 
encapsulation solves this problem by encapsulating ESP traffic inside 
UDP packets on port 2746.

see phoneboy for a much better explanation:

just throwing an idea out there.

good luck

Dave Henderson wrote:
> Sorry for asking again but I am unable to connect to my company VPN
> "Nortel Contivity 4500" from my PC (Contivity Client) behind M0n0wall.
> I did some testing and noticed the logs show traffic passed going out
> I did not receive any response.  I set up a rule to allow all traffic
> from any port from the IP of the Contivity but still did not see any
> info in the logs.  If anyone has any suggestion that would be great;
> have tried "allow fragmented packets" in the firewall:rules LAN Net
> this did not work. I was also wondering if anyone has a recommended setting
> for the Interfaces:WAN MTU setting?
> Thanks
> Dave Henderson
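
The point in the reply about ESP being IP protocol 50 with no ports, illustrated as an added example that is not part of the original messages: it builds two constructed IPv4 packets and shows what a port-translating NAT has available to key a state entry on in each case. The addresses, SPI value and the function names (`ipv4`, `udp`, `nat_key`) are assumptions made for the illustration; only protocol 50 and UDP port 2746 come from the thread.

```python
import struct

ESP_PROTO = 50      # IP protocol number for ESP; the header has no port fields
UDP_PROTO = 17
ENCAP_PORT = 2746   # UDP encapsulation port named in the reply above

def ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def udp(sport, dport, data):
    """Build a UDP header (checksum left at 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def nat_key(packet):
    """Return the fields a port-translating NAT could track this packet by."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # protocol field
    body = packet[ihl:]
    if proto == UDP_PROTO:
        sport, dport = struct.unpack("!HH", body[:4])
        # Classified by port only; the UDP payload is not inspected.
        kind = "udp-encapsulated-esp" if ENCAP_PORT in (sport, dport) else "udp"
        return {"kind": kind, "sport": sport, "dport": dport}
    if proto == ESP_PROTO:
        # The first 4 bytes of ESP are the SPI, not a source/destination port pair.
        spi = struct.unpack("!I", body[:4])[0]
        return {"kind": "esp", "spi": spi, "sport": None, "dport": None}
    return {"kind": "other", "sport": None, "dport": None}

# Constructed sample data: SPI 0x1000, sequence 1, 16 filler bytes as "ciphertext".
ESP_BODY = struct.pack("!II", 0x1000, 1) + b"\x00" * 16
RAW_ESP = ipv4(ESP_PROTO, ESP_BODY)                          # native ESP
ENCAP = ipv4(UDP_PROTO, udp(ENCAP_PORT, ENCAP_PORT, ESP_BODY))  # ESP inside UDP

if __name__ == "__main__":
    for name, pkt in (("raw ESP", RAW_ESP), ("UDP-encapsulated", ENCAP)):
        print(name, nat_key(pkt))
```
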
