[Openswan Users] Cisco IP Redirect and L2TP
Jacco de Leeuw
jacco2 at dds.nl
Fri Nov 30 08:06:48 EST 2007
Lars Behrens wrote:
> Three days ago, our provider changed "ip redirect" on his Cisco-
> Gigabit-Router to "no ip redirect". Immediately it was no longer
> possible to start the L2TP-Tunnel while the IPSEC-Tunnel works as usual.
>
> Nov 29 09:19:35 syncie pluto[21221]: "vista"[8] 1.2.3.4 #8:
> STATE_QUICK_R2: IPsec SA established {ESP=>0xd64b929e <0x90c8d184
> xfrm=3DES_0-HMAC_MD5 NATD=1.2.3.4:4500 DPD=none}
> Nov 29 09:19:40 syncie pluto[21221]: ERROR: asynchronous network
> error report on eth0 (sport=4500) for message to 1.2.3.4 port 4500,
> complainant 22.22.22.22: No route to host [errno 113, origin ICMP
> type 3 code 1 (not authenticated)]
Does it change anything in the NAT negotiation? E.g.:
"NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed"
If the server is behind NAT you may need to add 'leftnexthop=22.22.22.22'
and apply registry patches to Windows clients.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl