[Openswan Users] NAT-T really needed?

Paul Wouters paul at xelerance.com
Wed Apr 13 12:04:24 CEST 2005

On Tue, 12 Apr 2005, Alessandro Macuz wrote:

> I have been trying to start a VPN between a PIX 525 and a Linux box.
> PIX is behind a router doing NAT.
> I enabled NAT-T on both sides but Linux box tells me
> Apr 12 23:05:10 testvpn kernel: klips_debug:ipsec_rcv: suspected ESPinUDP 
> packet (NAT-Traversal) [1].

Does it say anything else?

> Why does it tell "suspected ESPinUDP packet (NAT-Traversal)". Do I really 
> need NAT-T?

Yes, you do.

> Obviously the tunnel doesn't work.

What is the exact error? (without klipsdebug!!!)
What is your configuration?
What is your nat-t router? Perhaps it is breaking things. Did you disable
IPsec passthrough?


More information about the Users mailing list