[VPN] IPsec and IKE in an dynamic NAT environment
Chad Osmond
osmond at holburn.com
Wed Jan 29 12:19:37 EST 2003
Are you using SSH Sentinal on both ends?
Chad
-----Original Message-----
From: Nicolas Saurbier [mailto:Nicolas.Saurbier at biodata.de]
Sent: January 29, 2003 11:43 AM
To: vpn at lists.shmoo.com
Subject: [VPN] IPsec and IKE in an dynamic NAT environment
Importance: High
Hi All,
this is the first time, I post into this list, so "Hi everybody!!!"
Now I need a little help:
Situation:
I have a VPN-Gateway with an official IP-address attached directly to the internet. I have a Router that does ISDN dial-up to my ISP. The Router doesn´t get a fixed IP-address. The Router is doing Masquerading (192.168.0.0/24 => x.x.x.x/32)
How it should work:
The users in my 192.168.0.0/24 network shall use Software IPsec-clients, I chose "SSH Sentinel 1.4". My problem is, that the IKE is working fine, but the VPN-Gateway denies all incoming esp-packets and sends back an ICMP-packet "Proto 50 unreachable"
SSH Sentinel has got an option called "NAT traversel"....did any1 of you ever work with SSH Sentinel??? Any1 of you doing the same as me?
NIC
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
More information about the VPN
mailing list