Correct me if I am wrong; but, isn't transport mode solely for host-to-host VPNs?

Everything seems to be OK in auth.log and ipsec look appears OK, when I use tunnel mode -- however, we cannot ping nor telnet nor ftp to the other side. tcpdump shows outgoing requests; but, nothing comes back.

Unfortunately, the other side is not cooperative, because he insists that we must use a Cisco like he is, and he's determined to prove that to us all ;<

When I select type=transport, auth.log process never completes and no ``IPSec SA is established ...'' appears.

What do you think?

"Michael D. Schleif" wrote:
>
> Received following set of requirements for one of our DCD's to connect
> to a remote non-DCD site:
>
> ISAKMP Policy:
> Encryption: 3DES
> Hash: MD5
> Authentication: pre shared keys
> Diffie-Hellman group 1 or 2
>
> Use the following key: ------------
> IPSec GW Address: 204.235.103.2
>
> Destination Network: 204.235.101.128 255.255.255.240
>
> IPSec Policy
> ESP Transform: 3DES
> ESP Authentication Transform: md5-hmac
>
> IPSec mode is transport. Please be sure to apply NAT *BEFORE* IPSec.
> Private Addresses leaked onto the network will be rejected.
>
> We have not set up ipsec to non-DCD before.
>
> Is this doable?
>
> Is above information adequate?
>
> Is there anything unusual to this setup?

--

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
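
An added example, not part of the original message and not code from any project mentioned in it: a small checker that classifies outbound flows against the quoted requirements (peer gateway, destination network, "NAT before IPsec") under transport and tunnel mode. The local gateway address, the flow list and the function names are assumptions made for illustration; the tunnel-mode check assumes the local selector accepts any source that is not an RFC 1918 address.

```python
import ipaddress

# Values taken from the requirements quoted in the message.
PEER_GW = ipaddress.ip_address("204.235.103.2")
DEST_NET = ipaddress.ip_network("204.235.101.128/255.255.255.240")  # a /28

# Assumption: hypothetical public address of the local gateway.
LOCAL_GW = ipaddress.ip_address("198.51.100.10")

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# returns True for documentation ranges such as 198.51.100.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(src, dst, mode):
    """Return how one outbound flow fares against the peer's stated policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if mode == "transport":
        # A transport-mode SA protects only traffic between the two IPsec
        # endpoints themselves (RFC 2401, section 4.1).
        return "protected" if (src, dst) == (LOCAL_GW, PEER_GW) else "outside-sa"
    # Tunnel mode: the inner packet keeps its own source and destination.
    if dst not in DEST_NET:
        return "outside-sa"
    if any(src in net for net in RFC1918):
        # Source was not NATed before IPsec; the peer says it rejects these.
        return "private-source-leak"
    return "protected"


def audit(flows, mode):
    """Classify every (src, dst) pair in flows for the given IPsec mode."""
    return [(src, dst, classify(src, dst, mode)) for src, dst in flows]


# Constructed sample flows (not captured traffic).
FLOWS = [
    ("192.168.1.20", "204.235.101.130"),   # LAN host, NAT not applied
    ("198.51.100.10", "204.235.101.130"),  # NATed to the gateway address
    ("198.51.100.10", "204.235.101.144"),  # just past the end of the /28
    ("198.51.100.10", "204.235.103.2"),    # gateway to gateway
]

if __name__ == "__main__":
    for mode in ("tunnel", "transport"):
        for src, dst, verdict in audit(FLOWS, mode):
            print(f"{mode:9} {src:15} -> {dst:16} {verdict}")
```
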