[Openswan Users] natted connection to cisco vpn concentrator

Jacco de Leeuw jacco2 at dds.nl
Thu May 18 13:02:23 CEST 2006

Norbert Wegener wrote:

> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: our client ID returned 
> doesn't match my proposal

It is the same problem when connecting to a Windows 2003 Server:

According to Michael Richardson of the Openswan team it is a bug and
they are working on it:

> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: NAT-Traversal: received 1 
> NAT-OA. ignored because peer is not NATed

This is a bit odd. The Cisco is not behind NAT, righ? Because your
previous log said: "NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
i am NATed". So as far as I know it should not send NAT-OA.
At least Windows 2003 doesn't send it. Could it be a bug in the Cisco?

Do you also see these messages like on Windows 2003?

   IKE message has the Commit Flag set but Pluto doesn't implement this
     feature; ignoring flag
   message ignored because it contains an unexpected payload type
   sending encrypted notification INVALID_PAYLOAD_TYPE

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list