On 2014-06-18, Sebastian Reitenbach <[email protected]> wrote: > The only difference I see, but I'm unsure if this is OK or not, is that > the OpenBSD box sends ENCAPSULATION_MODE = TUNNEL, and the > Cisco box sends ENCAPSULATION_MODE = UDP_ENCAP_TUNNEL. > I'm not sure if that is expected, since the Cisco is behind a NAT > gateway.
Try http://packetmischief.ca/files/openbsd/patches/isakmpd-nat-t-encap-mode.diff For the configuration where I had problems with nat-t interop with cisco, I had to just get it working so I replaced the isakmpd box with an asa5505.
