Thanks for the reply, Arne,

> -----Original Message-----
> From: Arne Bernin [mailto:[EMAIL PROTECTED]
> I do not really understand what your problem is. Maybe you
> could explain it a bit more... You have problems after reboot
> or you fix the problems with a reboot?
> You are using standard IPSEC for this connection (no nat-t)?

We are using the NetScreen-Remote client from behind our firewall to connect to a remote NetScreen Firewall/VPN box at our hosting facility. Was working fine.

> What exactly is going wrong? Are you using masquerading?

Everything is masqueraded behind the firewall so we are using Nat-T and the NetScreen client does seem to be using this.

When things do not go OK, some of the symptoms are that the firewall still recognizes that there is a connection from the client in question to the remote VPN box, so no entry is written in the FW log (we have all Policies logging for now to help troubleshoot). I have used Snort (installed on the firewall) to sniff the traffic to the VPN client when it is trying to connect, and it is getting packets from the remote VPN box but appears to be ignoring them.

This seems to me to be some case of Nat-T not working properly, the UDP packets being munged in a way that is not working with the client, or other similar issues. The problem is that sometimes it works for a while, then it doesn't for a bit. Very inconsistent.

Richard

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/