[Openswan Users] natted connection to cisco vpn concentrator
Norbert Wegener
nw at sbs.de
Fri May 19 14:48:09 CEST 2006
Jacco de Leeuw wrote:
> Norbert Wegener wrote:
>
>> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: our client ID returned
>> doesn't match my proposal
>
>
> It is the same problem when connecting to a Windows 2003 Server:
> http://lists.openswan.org/pipermail/dev/2006-January/001213.html
>
> According to Michael Richardson of the Openswan team it is a bug and
> they are working on it:
Fine.
> http://lists.openswan.org/pipermail/dev/2006-January/001216.html
>
>> May 18 11:26:34 lino2 pluto[17400]: "rw" #2: NAT-Traversal: received
>> 1 NAT-OA. ignored because peer is not NATed
>
>
> This is a bit odd. The Cisco is not behind NAT, right?
Yes, the Cisco is directly connected to the Internet.
> Because your
> previous log said: "NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-02/03:
> i am NATed". So as far as I know it should not send NAT-OA.
> At least Windows 2003 doesn't send it. Could it be a bug in the Cisco?
>
> Do you also see these messages like on Windows 2003?
>
> IKE message has the Commit Flag set but Pluto doesn't implement this
> feature; ignoring flag
> message ignored because it contains an unexpected payload type
> (ISAKMP_NEXT_HASH)
> sending encrypted notification INVALID_PAYLOAD_TYPE
No, I do not see those messages.
Norbert
>
> Jacco