[Openswan Users] newbie help - RHEL 3 behind NAT to SonicWall6

Paul Wouters paul at xelerance.com
Wed Feb 1 19:21:55 CET 2006


On Wed, 1 Feb 2006, Kimberly Knowles Nico wrote:

> I have not yet tried 2.4.5, but I wanted to report this tcpdump as a possible
> clue:

> (42)
> 07:40:43.208691 192.168.2.2 > proxy.vizdom.com: ESP(spi=0x929e42fb,seq=0x16)
> (DF)
> 07:40:44.227513 192.168.2.2 > proxy.vizdom.com: ESP(spi=0x929e42fb,seq=0x17)
> (DF)
>
> Does this point at a router misconfiguration?  I am using a Belkin product that
> does NAT.

It can be one of two things:

1) A "helpfull" IPsec passthrough NAT router breaking nat-traversal.
2) One of the two end points did not support nat-traversal and a non-natt IPsec SA
   was established that will not work.

Paul


More information about the Users mailing list