Dave Harrison wrote:
> Hi all,
>
> I've got a machine sitting behind a NAT box, and another machine with a
> public IP.
>
> X.X.X.X -- NAT Y.Y.Y.Y ======= Z.Z.Z.Z
>
> I want to establish a nat-t IPsec vpn between X.X.X.X and Z.Z.Z.Z
>
> But I'm having a problem where X.X.X.X tries to contact Z.Z.Z.Z on port 500 and
> never goes over to 4500. Is there a flag I'm supposed to set in the
> isakmpd.conf file to tell it to use NAT-T ??
>
> Do I configure Z.Z.Z.Z to be aware of the other peer by the public IP that NAT
> box provides ?? or should I be using the private IP the box actually has ??
>
> Cheers
> Dave

Hi all,

Did some traffic dumps and found the following was showing up:

00:17:41.159694 00:00:00:00:00:00 11:11:11:11:11:11 0800 82: y.y.y.y.500 > x.x.x.x.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: d82bfe36e204d916->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: INVALID PAYLOAD TYPE (ttl 64, id 49695, len 68)

Checked the errata page for 3.7 and realized that isakmpd had a patch registered
against it, recompiled and re-tested. Problem now solved. My fault ;-)

Dave