<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Helvetica, Arial, sans-serif">I still
can't get noNAT to work with nat_traversal=yes and L2TP-PSK-NAT
configured. As soon as I change nat_traversal to no and comment
out L2TP-PSK-NAT, it works fine. The logs show that NAT is not
detected, but L2TP-PSK-noNAT is not being considered when using
a public IP address:<br>
<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: STATE_MAIN_R2: sent MR2,
expecting MI3<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: ignoring informational
payload, type IPSEC_INITIAL_CONTACT msgid=00000000<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: Main mode peer ID is
ID_IPV4_ADDR: '198.X.X.168'<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: new NAT mapping for #9, was
198.X.X.168:500, now 198.X.X.168:4500<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256
prf=oakley_sha group=modp1024}<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: the peer proposed:
74.X.X.1/32:17/1701 -> 198.X.X.168/32:17/0<br>
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: cannot respond to IPsec SA
request because no connection is known for
74.X.X.1<74.X.X.1>[+S=C]:17/1701...198.X.X.168[+S=C]:17/57507<br>
<br>
After I set nat_traversal=no and comment out L2TP-PSK-NAT, it
looks like this:<br>
<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: responding to Main Mode from
unknown peer 198.X.X.168<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: STATE_MAIN_R1: sent MR1,
expecting MI2<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: STATE_MAIN_R2: sent MR2,
expecting MI3<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: ignoring informational
payload, type IPSEC_INITIAL_CONTACT msgid=00000000<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: Main mode peer ID is
ID_IPV4_ADDR: '198.X.X.168'<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256
prf=oakley_sha group=modp1024}<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: the peer proposed:
74.X.X.1/32:17/1701 -> 198.X.X.168/32:17/0<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: responding to Quick Mode
proposal {msgid:0b67d6a3}<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: us:
74.X.X.1<74.X.X.1>[+S=C]:17/1701<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: them:
198.X.X.168[+S=C]:17/0<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: STATE_QUICK_R1: sent QR1,
inbound IPsec SA installed, expecting QI2<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2<br>
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: STATE_QUICK_R2: IPsec SA
established transport mode {ESP=>0x0c04d426 <0x253046ff
xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}<br>
<br>
</font></font>
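An added example, not part of the original message: a Python script that summarises the log lines above per connection instance and labels the pattern reported here (phase 1 completes with no NAT detected, then the IPsec SA request is refused because no connection matches). The field names and result labels are this example's own.<br>

```python
import re

# Log line prefix: "conn-name"[instance] peer-address #state-number: message
PREFIX = re.compile(r'^"([^"]+)"\[(\d+)\] (\S+) #(\d+): (.*)$')

# (substring of the message, summary field, value); substrings as they appear in the logs above
MARKERS = [
    ("no NAT detected", "nat_detected", False),
    ("new NAT mapping", "port_remapped", True),
    ("ISAKMP SA established", "phase1_up", True),
    ("IPsec SA established", "phase2_up", True),
    ("no connection is known", "phase2_no_conn", True),
]

# Lines copied from the logs in the message, re-joined where the e-mail wrapped them.
SAMPLE = '''
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: new NAT mapping for #9, was 198.X.X.168:500, now 198.X.X.168:4500
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
"L2TP-PSK-NAT"[3] 198.X.X.168 #9: cannot respond to IPsec SA request because no connection is known for 74.X.X.1<74.X.X.1>[+S=C]:17/1701...198.X.X.168[+S=C]:17/57507
"L2TP-PSK-noNAT"[1] 198.X.X.168 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
"L2TP-PSK-noNAT"[1] 198.X.X.168 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0c04d426 <0x253046ff xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=none}
'''

def summarize(log_text):
    """Return {(conn, instance): flags} for every connection instance in the log."""
    out = {}
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # blank or foreign line
        conn, inst, peer, _state, msg = m.groups()
        flags = out.setdefault((conn, int(inst)), {"peer": peer})
        for needle, field, value in MARKERS:
            if needle in msg:
                flags[field] = value
    return out

def diagnose(flags):
    """Label one connection instance from its flags."""
    if flags.get("phase2_up"):
        return "established"
    if flags.get("phase1_up") and flags.get("phase2_no_conn"):
        # nat_detected is False only when the log explicitly said "no NAT detected"
        return "refused_no_conn_no_nat" if flags.get("nat_detected") is False else "refused_no_conn"
    return "incomplete"

if __name__ == "__main__":
    for key, flags in summarize(SAMPLE).items():
        print(key, diagnose(flags), flags)
```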
</body>
</html>