my topology is like this:<br>(vpnclient)172.16.0.100-------(<a href="http://172.16.0.33">172.16.0.33</a> nat device <a href="http://10.9.99.33">10.9.99.33</a>)====10.9.99.200(vpn server)<br><br>my vpnclient configration :<br>
<p class="MsoPlainText"><span style="" lang="EN-US">config setup<span style=""></span><span style=""></span><br>
<span style=""> </span><span style=""> </span>nat_traversal=yes<span style=""></span><br>
<span style=""> </span>plutowait=yes</span></p><p class="MsoPlainText">
</p><p class="MsoPlainText"><span style="" lang="EN-US">conn %default<span style=""></span><br>
<span style=""> </span>leftrsasigkey=%cert<br>
<span style=""> </span>rightrsasigkey=%cert<span style=""></span><br>
include /etc/ipsec.d/examples/no_oe.conf</span></p><p class="MsoPlainText">
</p><p class="MsoPlainText"><span style="" lang="EN-US">conn nat-client <br>
<span style=""> </span><span style=""> </span>left=<a href="http://172.16.0.100">172.16.0.100</a><br>
<span style=""> </span>right=<a href="http://10.9.99.200">10.9.99.200</a></span></p><p class="MsoPlainText"><span style="" lang="EN-US"> auto=add</span></p><p class="MsoPlainText"><span style="" lang="EN-US"> authby=secret</span></p>
<p class="MsoPlainText"><br><span style="" lang="EN-US"></span></p><p class="MsoPlainText"><span style="" lang="EN-US">my vpn server configuration:</span></p><p class="MsoPlainText">config setup<br> nat_traversal=yes<br>
virtual_private=%4:<a href="http://172.16.0.0/16">172.16.0.0/16</a><br> plutowait=yes</p><p class="MsoPlainText">conn %default<br> leftrsasigkey=%cert<br> rightrsasigkey=%cert<br>include /etc/ipsec.d/examples/no_oe.conf<br>
</p><p class="MsoPlainText">conn nat-server<br> left=<a href="http://10.9.99.200">10.9.99.200</a><br> right=%any<br> rightsubnet=vhost:%priv<br> #rightsubnet=<a href="http://172.16.0.100/32">172.16.0.100/32</a><br>
authby=secret<br> auto=add</p><p class="MsoPlainText">now when i start the vpn server and the vpn client ,when they do quick mode ,get a error log message<br></p><p class="MsoPlainText">"May 17 02:41:33 slesvmserver88 pluto[25760]: "nat-server"[2] <a href="http://10.9.99.33">10.9.99.33</a> #1: cannot respond to IPsec SA request because no connection is known for 10.9.99.200...10.9.99.33[<a href="http://172.16.0.100">172.16.0.100</a>]===<a href="http://172.16.0.100/32">172.16.0.100/32</a>"</p>
<p class="MsoPlainText">so then i modify my server configration like this <br></p><p class="MsoPlainText">conn nat-server<br>
left=<a href="http://10.9.99.200">10.9.99.200</a><br>
right=%any<br>
#rightsubnet=vhost:%priv<br>
rightsubnet=<a href="http://172.16.0.100/32">172.16.0.100/32</a><br>
authby=secret<br>
auto=add</p><p class="MsoPlainText">then the vpn client can make ipsec connection to vpn sever successfully ,but why i cant make it successfully with the first configuration? why?<br></p>