[Openswan Users] natted connection to cisco vpn concentrator
Jacco de Leeuw
jacco2 at dds.nl
Thu May 18 13:02:23 CEST 2006
Norbert Wegener wrote:
> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: our client ID returned
> doesn't match my proposal
It is the same problem when connecting to a Windows 2003 Server:
http://lists.openswan.org/pipermail/dev/2006-January/001213.html
According to Michael Richardson of the Openswan team it is a bug and
they are working on it:
http://lists.openswan.org/pipermail/dev/2006-January/001216.html
> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: NAT-Traversal: received 1
> NAT-OA. ignored because peer is not NATed
This is a bit odd. The Cisco is not behind NAT, right? Because your
previous log said: "NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
i am NATed". So as far as I know it should not send NAT-OA.
At least Windows 2003 doesn't send it. Could it be a bug in the Cisco?
Do you also see these messages like on Windows 2003?
  IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
  message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
  sending encrypted notification INVALID_PAYLOAD_TYPE
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl