2010.05.10. 11:00 keltezéssel, Gabor HALASZ írta:
> A nattraversal es es az updencap biztos?
> Ha jol nezem a forrast, a ISAKMP_N_R_U_THERE-t a dpd soran kuldi, amire
> a ISAKMP_N_R_U_THERE_ACK valaszt kellene kapnia, de nincs kedvem
> atnyalazni az egesz vpnc-t.
>
Nem, egyáltalán nem biztos, csak találgatok. A linux box nat mögött van.
Net Traversal Mode
Cisco UDP Encapsulation Port
paramétereket kiiktatva a következőképpen alakul:
S4.4 AM_packet2
[2010-05-10 10:57:27]
(Cisco Unity)
(Xauth)
(DPD)
(Nat-T 02N)
(unknown)
(unknown)
(unknown)
got ike lifetime attributes: 2147483 seconds
IKE SA selected psk-aes128-sha1
peer is DPD capable (RFC3706)
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery
payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery
payloads
S4.5 AM_packet3
[2010-05-10 10:57:27]
NAT status: this end behind NAT? YES -- remote end behind NAT? no
NAT-T mode, adding non-esp marker
S4.6 cleanup
[2010-05-10 10:57:27]
S5 do_phase2_xauth
[2010-05-10 10:57:27]
S6 do_phase2_config
[2010-05-10 10:57:27]
S6.1 phase2_config send modecfg
[2010-05-10 10:57:27]
NAT-T mode, adding non-esp marker
S6.2 phase2_config receive modecfg
[2010-05-10 10:57:38]
received notice of type (ISAKMP_N_R_U_THERE)(36136), giving up
---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
NAT-T mode, adding non-esp marker
NAT-T mode, adding non-esp marker
vpnc-connect: configuration response rejected:
(ISAKMP_N_INVALID_MESSAGE_ID)(9)
_________________________________________________
linux lista - [email protected]
http://mlf2.linux.rulez.org/mailman/listinfo/linux
