Hello!

This is the *last* thing I need to work, and I'm ready to take over the world! Or something...

I've got multiple subnet-to-subnet and subnet-to-host IPSec tunnels working, with both plain RSA keys as well as certs. I've tested it with Leaf firewall clients, Windows 2000 IPSec client and SSH Sentinel client. Everything works fine, as long as there is no NAT.

I've tried to make either the SSH Sentinel client or the Windows IPSec client (with NAT-T update) work through a Linksys router (BEFSR41). No joy.

I've got nat_traversal=yes on my Leaf configuration. I've tried it with the Linksys with IPSec Passthrough on and off, with SSH Sentinel with NAT-T on and off, and with Windows 2000 IPSec both before and after the NAT-T patch. None of them work.

The error I get most commonly is "no suitable connection for <subnet IP> ==> <Firewall IP> => <cert info> => <remote IP> => <Cert ID>". *All* of the information is correct. If I run it not through the NAT, it works fine, but add NAT and it's no dice.

I have two related questions: 1) What else can I do to make NAT Traversal work? I can't find anything else to try on the LEAF end (there is no real config that I can find), and I've tried everything that I can think of on the client (including forwarding port 500 to the internal computer).

Maybe more importantly, 2) Is there a better way of doing this? If I were to replace the Linksys with something else, would that help? If I were to use a different Windows client, would that help? Any other thoughts?

This is the *last* piece of the puzzle! Thank you all for your help in getting me this far. I cannot tell you how much I appreciate all of the suggestions you have made.

Tim Massey



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html