Dave Ockwell-Jenner wrote:
> Yes, indeed. The relevant line from ipnat.conf is:
>
> map eri0 192.168.1.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
>
> udp port 500 is passed through the firewall, as well as ESP and AH
> protocols, à la:
>
> pass in log on eri0 proto udp from any to any port = 500 group 110
> pass in log on eri0 proto esp from any to any
> pass in log on eri0 proto ah from any to any


With rules like that in ipf.conf, try running without the proxy line for
ipsec.

But I'm still interested in the crash dump :)

Darren
