[Openswan Users] NAT-T problem

Tiago Freitas Leal tfl at netcabo.pt
Thu Sep 2 20:10:18 CEST 2004


Hi all,

Both ends run Openswan 1.0.7.
One end is not NATed.
The other end is NATed.

After
02:40:56 pluto[4612]: | NAT-T: new mapping 82.x.x.x:500/4500)
02:40:56 pluto[4612]: "standalone" #3: sent MR3, ISAKMP SA established
02:40:56 pluto[4612]: "standalone" #4: responding to Quick Mode
02:40:56 pluto[4612]: "standalone" #4: transition from state (null) to state STATE_QUICK_R1
02:40:57 pluto[4612]: "standalone" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
02:40:57 pluto[4612]: "standalone" #4: IPsec SA established

Five minutes later I got
02:45:37 pluto[4612]: packet from 82.x.x.x:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
02:45:37 pluto[4612]: packet from 82.x.x.x:4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
02:45:37 pluto[4612]: packet from 82.x.x.x:4500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
02:45:37 pluto[4612]: packet from 82.x.x.x:4500: initial Main Mode message received on 192.168.1.2:4500 but no connection has been authorized with policy=PSK

Why 4500? Isn't it IKE? I thought IKE took care of all negotiations on
UDP/500 and UDP/4500 was only for ESP.
What is wrong?

Tiago
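
Added example (not part of the original post and not Openswan code): a small classifier for datagrams arriving on UDP/4500, following the RFC 3948 framing in which IKE messages on that port are prefixed with a four-byte zero non-ESP marker, UDP-encapsulated ESP begins with a non-zero SPI, and a single 0xFF byte is a NAT keepalive. The function names and all sample datagrams are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4               # RFC 3948: prefixes IKE on UDP/4500
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # 28-byte ISAKMP header
EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode",
             5: "Informational", 32: "Quick Mode"}

def classify_udp4500(payload: bytes) -> dict:
    """Classify one UDP/4500 datagram payload as keepalive, ESP or IKE."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "too short"}
    if payload[:4] != NON_ESP_MARKER:
        # First four bytes are a non-zero SPI: UDP-encapsulated ESP.
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp", "spi": spi, "seq": seq}
    ike = payload[4:]                      # strip the non-ESP marker
    if len(ike) < ISAKMP_HDR.size:
        return {"kind": "malformed", "reason": "truncated ISAKMP header"}
    (_icookie, rcookie, _next, version, exch,
     _flags, msg_id, length) = ISAKMP_HDR.unpack_from(ike)
    if length < ISAKMP_HDR.size or length > len(ike):
        return {"kind": "malformed", "reason": "bad length field"}
    return {
        "kind": "ike",
        "version": f"{version >> 4}.{version & 0xF}",
        "exchange": EXCHANGES.get(exch, f"type {exch}"),
        # A zero responder cookie marks the first message of a new exchange,
        # the case pluto logs as "initial Main Mode message".
        "initial": rcookie == b"\x00" * 8 and msg_id == 0,
    }

def build_ike(exch, rcookie=b"\x00" * 8, msg_id=0, body=b""):
    """Construct a sample IKEv1 datagram as it would appear on UDP/4500."""
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, rcookie, 1, 0x10, exch, 0,
                          msg_id, ISAKMP_HDR.size + len(body))
    return NON_ESP_MARKER + hdr + body

SAMPLES = {  # constructed datagrams, not captured traffic
    "initial main mode": build_ike(2),
    "quick mode": build_ike(32, rcookie=b"\x22" * 8, msg_id=7, body=b"\x00" * 8),
    "esp": struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16,
    "keepalive": b"\xff",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} {classify_udp4500(data)}")
```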


