[Openswan Users] natted connection to cisco vpn concentrator

Norbert Wegener nw at sbs.de
Fri May 19 14:48:09 CEST 2006

Jacco de Leeuw wrote:

> Norbert Wegener wrote:
>> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: our client ID returned 
>> doesn't match my proposal
> It is the same problem when connecting to a Windows 2003 Server:
> http://lists.openswan.org/pipermail/dev/2006-January/001213.html
> According to Michael Richardson of the Openswan team it is a bug and
> they are working on it:
> http://lists.openswan.org/pipermail/dev/2006-January/001216.html
>> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: NAT-Traversal: received 
>> 1 NAT-OA. ignored because peer is not NATed
> This is a bit odd. The Cisco is not behind NAT, right?

Yes, the Cisco is directly connected to the Internet.

> Because your
> previous log said: "NAT-Traversal: Result using 
> draft-ietf-ipsec-nat-t-ike-02/03:
> i am NATed". So as far as I know it should not send NAT-OA.
> At least Windows 2003 doesn't send it. Could it be a bug in the Cisco?

> Do you also see these messages like on Windows 2003?
> IKE message has the Commit Flag set but Pluto doesn't implement this
> feature; ignoring flag
> message ignored because it contains an unexpected payload type
> sending encrypted notification INVALID_PAYLOAD_TYPE

No, I do not see those messages.

> Jacco
