On Thu, Oct 06, 2005 at 09:11:26PM -0500, Blaster wrote:
> >
> > Do the outgoing packets indeed have a.b.c.d as their source address?
> > What does ipnat -lv have to say about the NAT entry for the connection?
> >
>
> Yes they do...NAT was working correctly. I have seemed to have figured out
> what's going on....The VPN server (a Cisco of some sort) is expecting the
> source AND destination port to be 500. NAT was changing the source port and
> the Cisco was apparently just discarding it.
>
> Adding
>
> map le0 from 172.16.2.0/24 port=500 to ip.of.vpn/32 -> a.b.c.d/32
>
> seems to have done the trick.
>
> At this point, I guess I'm not sure what the IPSEC proxy is really supposed
> to do.

What about the IPsec packets themselves? They also need to be NATted.....

-Guido
