<After long delay getting back to this...>
Thanks, Erich!
Yes, nat_traversal=yes removes the [disabled] portion of the auth.log record. This is 
on both firewalls below.

But, I am having other problems with the home win2k machine.   
What I am doing is using Bering 1.2 at both "home" and "work" firewalls.  
Home is Bering 1.2 on two floppies, internal network 192.168.1.0/24, ext. static IP 
216.12.x.y .
Work firewall is Bering CD, internal 192.168.10.0/24 external IP 137.45.w.z.

The setup is 
W2k --- homefw --- internet ---university.net -- W2k --- ethsw --- workfw --- int.subnet
^            ^                                     ^              ^
192.168.1.3  216.12.x.y                       137.45.p.q      137.45.w.z   192.168.10.0/24
Can't ping 192.168.10.13                 Can ping 192.168.10.13

The symptom is that with identical road-warrior style configs on both W2K machines, 
the results are different.  Also, the university has no firewall (checked with acad. 
Computing).
We have university laptops that we take home with the cisco ipsec client and I can 
attach these to the internal home network and connect up fine... So the university 
router ACLs appear to allow ipsec traffic in and out.

This is with outbound-filter (same on both win2k security settings)
source = my ipaddress/32
dest= 192.168.10.0/24
out-tunnel = 137.45.192.69 --- work fw external IP

inbound-filter
source= 192.168.10.0/24
dest=my IP address/32
in-tunnel = 192.168.1.3 (ip address on home win2k machine)

I get no event errors in the Event Viewer, no shorewall log errors,
but 100% packet loss over all 12 pings.

The only salient differences seem to be that 
1) the inbound tunnel address is a private address on home w2k, and
2) going through two firewalls instead of one.

What could be wrong here?

TIA for any help.
Rick.

-----Original Message-----
From: Erich Titl [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 20, 2004 3:15 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Please Help: How to turn on Nat Traversal in Bering?


Hi Rick

At 18:04 20.07.2004, you wrote:
>Hello list: (reposting this -- got no replies from last week) In 
>booting up Bering 1.2, one of the messages in auth.log is:
>Jul 16 13:07:15 firewall pluto[25864]:   including NAT-Traversal patch
>(Version0.5a) [disabled]
>
>How does one enable NAT traversal --

I copied this from the net

FreeS/WAN side:
config setup
         interfaces="ipsec0=eth1"
         klipsdebug=all
         plutodebug=all
         uniqueids=yes
         nat_traversal=yes

Please tell me about your success

cheers
Erich


THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16



