[Openswan Users] CISCO heartburn turns in to WatchGuard heartburn

Paul Wouters paul at xelerance.com
Thu Feb 3 00:50:33 CET 2005


On Wed, 2 Feb 2005, Jeff Herring wrote:

> Now it looks like the WatchGaurds are doing nat even though I don't want it.
> i.e. Now pings go out esp packets but come back udp 4500...

It should never be possible that you send out ESP, and receive ESPinUDP. Can
you show me the IKE log of that connection and a tcpdump (preferably not on
the host, but on the machine in front of it) of some packets back and forth?

> Anyone have any ideas? I guess there is no way to tunnel by tunnel turn off 
> nat_traversal....

There was some option to force nat, but i dont think there was to unforce it.
It is on our todo list to make nat_traversal a per-conn option.

Paul


More information about the Users mailing list