<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial color=#000080 size=2>Hello.</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000080 size=2>I am trying to configure a VPN
connection between two Linux machines (linux1 and linux2), both of them behind an
ADSL router. But I have some problems... </FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>Let me show you 2
scenarios:</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000080 size=2>Scenario 1:</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2> linux 1 ->
ipsec.conf</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
auto=start</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2> linux 2 ->
ipsec.conf</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
auto=add</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000080 size=2>In this scenario, linux1 sends the
first packet to linux2 (src and dst port = 500) and the communication is
established (ports 500 and 4500 open on both Linux machines) without problem. I can ping
from subnet1 to subnet2 but not from subnet2 to subnet1.</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000080 size=2>Scenario 2:</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2> linux 1 ->
ipsec.conf</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
auto=add</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2> linux 2 ->
ipsec.conf</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
auto=start</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>
...</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>In this case, linux2 sends the first
packet to linux1. linux2 receives an ICMP isakmp port unreachable from the public IP
of adsl1. </FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>My ISP, which manages the ADSL
router, tells me that all ports are open.</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>Why is this possible?</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>May it be because of a firewall
rule?</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>In scenario 1, I sniffed both Linux
machines and see packets from one to the other to and from ports 500 and 4500. But in
scenario 2, I can only see packets on linux2: one packet sent to port 500 and the
ICMP packet.</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000080 size=2>Any help?</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>Thanks.</FONT></DIV>
<DIV><FONT face=Arial color=#000080 size=2>Alberto</FONT></DIV>
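<DIV><FONT face=Arial color=#000080 size=2>One way to pin down where the first IKE packet is lost, combining captures from both ends as the post does: an added Python example, not from the original message, using constructed tcpdump-style lines and placeholder addresses (203.0.113.1 assumed for the public side of adsl1, 192.168.1.10 for linux1, 192.168.2.10 for linux2).</FONT></DIV>

```python
import re

# Constructed tcpdump-style lines for this example (not from the original post); addresses are placeholders:
# 203.0.113.1 = public side of adsl1 (in front of linux1), 192.168.1.10 = linux1, 192.168.2.10 = linux2.
ADSL1_PUBLIC = "203.0.113.1"
LINUX1 = "192.168.1.10"

# Scenario 2 as described: linux2 initiates and sees only its own IKE packet plus the ICMP unreachable.
LINUX2_CAPTURE = """\
IP 192.168.2.10.500 > 203.0.113.1.500: isakmp: phase 1 I ident
IP 203.0.113.1 > 192.168.2.10: ICMP 203.0.113.1 udp port 500 unreachable, length 36
"""
# linux1's capture in the same scenario: nothing arrives on UDP 500 or 4500, only unrelated traffic.
LINUX1_CAPTURE_SCENARIO2 = """\
IP 192.168.1.10.22 > 192.168.1.5.50122: Flags [P.], length 96
"""
# What linux1 would see if the gateway did forward UDP 500/4500 to it (IKE, then NAT-T on 4500).
LINUX1_CAPTURE_FORWARDED = """\
IP 198.51.100.2.500 > 192.168.1.10.500: isakmp: phase 1 I ident
IP 198.51.100.2.4500 > 192.168.1.10.4500: NONESP-encap: isakmp: phase 1 I ident
"""

IKE_RE = re.compile(r"IP (\S+)\.(?:500|4500) > (\S+)\.(?:500|4500): (?:isakmp|NONESP-encap)")
UNREACH_RE = re.compile(r"IP (\S+) > \S+: ICMP \S+ udp port (?:500|4500|isakmp|ipsec-nat-t) unreachable")

def parse(capture):
    """Return the set of (src, dst) pairs of IKE/NAT-T packets and the set of ICMP-unreachable senders."""
    ike, unreach = set(), set()
    for line in capture.splitlines():
        if m := IKE_RE.search(line):
            ike.add((m.group(1), m.group(2)))
        elif m := UNREACH_RE.search(line):
            unreach.add(m.group(1))
    return ike, unreach

def diagnose(initiator_capture, responder_capture, peer_public_ip, responder_ip):
    """Combine captures from both ends to locate where the initiator's first IKE packet was lost."""
    i_ike, i_unreach = parse(initiator_capture)
    r_ike, _ = parse(responder_capture)
    sent = any(dst == peer_public_ip for _, dst in i_ike)
    arrived = any(dst == responder_ip for _, dst in r_ike)
    if not sent:
        return "no-ike-sent"          # initiator never transmitted (e.g. auto=add on both ends)
    if arrived:
        return "reached-responder"    # the gateway forwarded it; look at the responder host's firewall/config
    if peer_public_ip in i_unreach:
        return "rejected-at-gateway"  # the unreachable came from the NAT device: no UDP 500/4500 forward to the host
    return "dropped-silently"         # nothing answered; a silent drop somewhere on the path
```

A packet that never appears in the responder's capture but draws an ICMP unreachable sourced from the gateway's public address was answered by the gateway itself, which is what the post's scenario 2 shows.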
<DIV><FONT face=Arial color=#000080 size=2></FONT> </DIV></BODY></HTML>