[Openswan Users] Aggressive mode, NAT-T, destination behind NAT
Paul Wouters
paul at xelerance.com
Wed Apr 12 18:11:17 CEST 2006
On Wed, 12 Apr 2006, Brian Candler wrote:
> That part is OK - in Openswan 2.4.5 that message is just a warning. Also, it
> works fine when I'm using Openswan 2.4.5 to Cisco IOS with main mode. I get
> the same warning and it proceeds.
Ok.
> I can try replicating this in an openswan-to-openswan setup if you have an
> interest (that is, I've read on this list that aggressive mode is not well
> supported in openswan, so it depends whether you want to work on this or
> not)
aggressive mode is supported, though strongly discouraged for security
reasons.
If you can give us a openswan-openswan configuration that shows this problem,
we can make a test case, and then the bug should get fixed. Assuming it is
a bug with openswan, and not with the pix.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list