On Thu, 2005-10-06 at 13:27 -0700, Richard Amerman wrote: > > -----Original Message----- > > From: Arne Bernin [mailto:[EMAIL PROTECTED] > > > you might want to use tcpdump for this (well i never used > > snort for that, so i don't know if it is easy to use and gets > > all traffic). If you save the tcpdump output somewhere you > > can use ethereal (on windows or > > unix) to take a detailed look what is going on. > > I can do this fairly easily with Snort. I did see that when looking at > the inside interface of the FW while a local client was trying to > connect to the VPN but failing, that all the UDP packets arriving to > that host from the remote VPN server were all from port 500. This was > using the simplest sniffer mode. Snort -v -i eth3 host 192.168.1.120
ok. It might be interesting to see what the packets from the client look like when they leave your net masqueraded....That's where our problem is, they do not come from port 500 and the firewall before the vpn gateway which should nat this back to port 500 is running linux with the nat problem... :-( > I'll take a closer look at this issue. > ok. > Thanks > > > --arne -- Arne Bernin <[EMAIL PROTECTED]> http://www.ucBering.de ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ------------------------------------------------------------------------ leaf-user mailing list: [email protected] https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
