[Openswan Users] Cisco IP Redirect and L2TP

Jacco de Leeuw jacco2 at dds.nl
Fri Nov 30 08:06:48 EST 2007


Lars Behrens wrote:

> Three days ago, our provider changed "ip redirect" on his Cisco- 
> Gigabit-Router to "no ip redirect". Immediately it was no longer  
> possible to start the L2TP-Tunnel while the IPSEC-Tunnel works as usual.
> 
> Nov 29 09:19:35 syncie pluto[21221]: "vista"[8] 1.2.3.4 #8:  
> STATE_QUICK_R2: IPsec SA established {ESP=>0xd64b929e <0x90c8d184  
> xfrm=3DES_0-HMAC_MD5 NATD=1.2.3.4:4500 DPD=none}
> Nov 29 09:19:40 syncie pluto[21221]: ERROR: asynchronous network  
> error report on eth0 (sport=4500) for message to 1.2.3.4 port 4500,  
> complainant 22.22.22.22: No route to host [errno 113, origin ICMP  
> type 3 code 1 (not authenticated)]

Does it change anything in the NAT negotiation? E.g.:
"NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed"
If the server is behind NAT you may need to add 'leftnexthop=22.22.22.22'
and apply registry patches to Windows clients.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

