Thanks, I am going to try the Checkpoint VPN client

Dave

-----Original Message-----
From: dave [mailto:dave at rodrig dot com]
Sent: Tuesday, January 13, 2004 9:28 PM
To: Dave Henderson
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] IPSec Support

do you have udp encapsulation enabled? (never used the contivity client, assuming it can do this..)

you may be running into NAT traversal issues....ESP doesn't use ports, it's ip protocol 50 (and not *port* 50). As a result it can be problematic to get a tunnel up through a FW performing NAT. UDP encapsulation solves this problem by encapsulating ESP traffic inside UDP packets on port 2746.

see phoneboy for a much better explanation:
http://oldfaq.phoneboy.com/fom-serve/cache/510.html

just throwing an idea out there. good luck

dave

Dave Henderson wrote:
> Sorry for asking again but I am unable to connect to my company VPN box
> "Nortel Contivity 4500" from my PC (Contivity Client) behind M0n0wall.
> I did some testing and noticed the logs show traffic passed going out but
> I did not receive any response. I set up a rule to allow all traffic
> from any port from the IP of the Contivity but still did not see any
> info in the logs. If anyone has any suggestions that would be great; I
> have tried "allow fragmented packets" in the firewall:rules LAN Net but
> this did not work. I was also wondering if anyone has a recommended setting
> for the Interfaces:WAN MTU setting?
>
> Thanks
> Dave Henderson
>

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
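
The reply's point that ESP is IP protocol 50 with no port fields, shown as an added example that is not part of the original thread. It goes beyond the single client in the thread to two LAN clients behind one NAT; the addresses, SPIs, source ports and function names are constructed for illustration, and only port 2746 comes from the message.

```python
import struct

IPPROTO_UDP, IPPROTO_ESP = 17, 50
ENCAP_PORT = 2746  # UDP encapsulation port named in the reply above

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    pack_addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, pack_addr(src), pack_addr(dst)) + payload

def esp(spi, seq):
    """ESP starts with SPI and sequence number; the rest is opaque ciphertext."""
    return struct.pack("!II", spi, seq) + bytes(16)

def udp(sport, dport, payload):
    """UDP header (checksum left at 0) wrapped around the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def nat_flow_key(packet):
    """Fields a port-translating NAT can use to map a reply to an inside host."""
    ihl = (packet[0] & 0x0F) * 4
    proto, dst = packet[9], ".".join(map(str, packet[16:20]))
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return (dst, "udp", sport, dport)
    # ESP (protocol 50) has no port fields, so only the peer address is left.
    return (dst, "esp" if proto == IPPROTO_ESP else proto, None, None)

def ambiguous_flows(packets):
    """Return flow keys that more than one inside source address maps to."""
    seen = {}
    for p in packets:
        src = ".".join(map(str, p[12:16]))
        seen.setdefault(nat_flow_key(p), set()).add(src)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample: two LAN clients reaching the same VPN gateway.
GW = "203.0.113.5"
NATIVE = [ipv4("192.168.1.10", GW, IPPROTO_ESP, esp(0x1001, 1)),
          ipv4("192.168.1.11", GW, IPPROTO_ESP, esp(0x2002, 1))]
ENCAP = [ipv4("192.168.1.10", GW, IPPROTO_UDP, udp(40001, ENCAP_PORT, esp(0x1001, 1))),
         ipv4("192.168.1.11", GW, IPPROTO_UDP, udp(40002, ENCAP_PORT, esp(0x2002, 1)))]

if __name__ == "__main__":
    print("native ESP, ambiguous flows:", ambiguous_flows(NATIVE))
    print("UDP-encapsulated, ambiguous flows:", ambiguous_flows(ENCAP))
```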