Hello Richard, Not sure if this is your problem, but did you take a look at: http://leaf.sourceforge.net/doc/guide/bucu-conntrack.html
Eric > Thanks for the reply Arne, > > >> -----Original Message----- >> From: Arne Bernin [mailto:[EMAIL PROTECTED] >> > >> I do not really understand what your Problem is. Maybe you >> could explain it a bit more... You have Problems after reboot or you fix >> the problems with a reboot ? You are using standard IPSEC for this >> connection (no nat-t) ? > We are using the NetScreen-Remote client from behind our firewall to > connect to a remote NetScreen Firewall/VPN box at our hosting facility. > > Was working fine. > > >> What exactly is going wrong ? Are you using masquerading ? >> > Everything is masqueraded behind the firewall so we are using Nat-T and > the NetScreen client does seem to be using this. > > When things do not go OK some of the symptoms are that the firewall > still recognizes that there is a connection from the client in question to > the remote VPN box so no entry is written in the FW log (we have all > Policies logging for now to help troubleshoot). I have used Snort > (installed on the firewall) to sniff the traffic to the VPN client when > it is trying to connect and it is getting packets from the remote VPN box > but appears to be ignoring them. > > This seems to me to be some case of Nat-T not working properly, the UDP > packets being munged in a way that is not working with the client, or other > similar issues. The problem is that sometimes it works for a while then it > doesn't for a bit. Very inconsistent. > > Richard > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Power Architecture Resource Center: Free content, downloads, discussions, > and more. http://solutions.newsforge.com/ibmarch.tmpl > ------------------------------------------------------------------------ > leaf-user mailing list: [email protected] > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > > ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
