Scorpy wrote:
>> Okay -- this is interesting. The local router is clearly confused; I
>> suspect as a result of NAT taking place between the two routers. It is
>> sending an ISAKMP phase 1 R packet addressed to your firewall and with a
>> source IP of the remote router (which is what we've been seeing in the
>> Shorewall message).
>
>> So the two routers don't get so far as to negotiate an SA; the local one
>> sends an unfathomable (to me) packet.
>
>> Afraid that you have reached the end of my knowledge here but I suspect
>> that it is a configuration problem in one or both of the routers. Maybe
>> someone more familiar with ISAKMP can shed some light.
>
> Is it possible to solve this problem to tell router where to send packets
> with some static route? Or are there some options in Shorewall maybe I can
> use?

I don't know -- I don't know why the ZyXEL router is doing what it is doing
so I have no idea how to fix it.

One thing I notice is that your DNAT rule for UDP 500 is wrong. It appears
to have 192.168.1.180 in the ORIGINAL DEST column; you should either leave
that blank or you should have 193.95.229.95 in that column.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
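
Added example, not part of the original thread and not Shorewall's own code: a small check that applies the advice above to a rules file, flagging any DNAT entry whose ORIGINAL DEST column is neither blank nor one of the firewall's external addresses. The zone names `net` and `loc`, the use of 192.168.1.180 as the forward target, and the function names are assumptions made for illustration; the sample rules are constructed.

```python
# Positional column order of a Shorewall rules entry, up to ORIGINAL DEST.
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DPORT", "SPORT", "ORIGDEST"]

# Constructed sample rules (zones and forward target are assumptions).
SAMPLE_RULES = [
    "#ACTION  SOURCE  DEST               PROTO  DPORT  SPORT  ORIGDEST",
    "DNAT     net     loc:192.168.1.180  udp    500    -      192.168.1.180",
    "DNAT     net     loc:192.168.1.180  udp    500    -      193.95.229.95",
    "DNAT     net     loc:192.168.1.180  udp    500",
]


def parse_rule(line):
    """Return the columns of one rules line as a dict, or None if it is
    blank or a comment. Missing trailing columns are filled with '-'."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    fields = text.split()[: len(COLUMNS)]
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields))


def check_dnat_origdest(lines, external_addrs):
    """Return [(line_number, [bad_addresses])] for DNAT rules whose
    ORIGINAL DEST names an address that is not on the firewall's
    external side. A blank ('-') column is accepted, as in the reply."""
    findings = []
    for number, line in enumerate(lines, 1):
        rule = parse_rule(line)
        if rule is None or not rule["ACTION"].startswith("DNAT"):
            continue
        original_dest = rule["ORIGDEST"]
        if original_dest == "-":
            continue
        bad = [a for a in original_dest.split(",") if a not in external_addrs]
        if bad:
            findings.append((number, bad))
    return findings


if __name__ == "__main__":
    for number, bad in check_dnat_origdest(SAMPLE_RULES, {"193.95.229.95"}):
        print(f"rules line {number}: ORIGINAL DEST {bad} is not an external address")
```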