Scorpy wrote:
> Maybe this will help.
> I used tcpdump at the same time on dsl0 and eth0.
>
> ETH0 (local)
> 22:38:16.155954 IP 192.168.1.180.isakmp >
> cpe-85-10-34-99.static.amis.net.isakmp: isakmp: phase 1 I agg
> 22:38:16.893540 IP cpe-85-10-34-99.static.amis.net.isakmp >
> 192.168.1.180.isakmp: isakmp: phase 1 R agg
> 22:38:16.894071 IP cpe-85-10-34-99.static.amis.net.isakmp >
> BSN-95-229-95.dsl.siol.net.isakmp: isakmp: phase 1 R agg

Okay -- this is interesting. The local router is clearly confused; I suspect as a result of NAT taking place between the two routers. It is sending an ISAKMP phase 1 R packet addressed to your firewall and with a source IP of the remote router (which is what we've been seeing in the Shorewall message).

So the two routers don't get so far as to negotiate an SA; the local one sends an unfathomable (to me) packet.

Afraid that you have reached the end of my knowledge here but I suspect that it is a configuration problem in one or both of the routers. Maybe someone more familiar with ISAKMP can shed some light.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
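
An added example, not part of the original message: one way to pick out the odd packet described above from tcpdump's one-line ISAKMP summaries, by flagging any phase 1 responder packet whose source/destination pair does not mirror an initiator packet already seen on the interface. The function name and the regular expression are this example's own; the sample input is the eth0 capture quoted in the message with the mail line-wrapping undone.

```python
import re

# Matches tcpdump's one-line ISAKMP summary, for example:
#   22:38:16.155954 IP a.isakmp > b.isakmp: isakmp: phase 1 I agg
# The port may be printed as "isakmp" or as a number (tcpdump -n).
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?:isakmp|\d+) > "
    r"(?P<dst>\S+)\.(?:isakmp|\d+): isakmp: phase (?P<phase>\d) "
    r"(?P<role>[IR]) (?P<xchg>\S+)"
)


def unsolicited_responses(lines):
    """Return (timestamp, src, dst) for every responder packet that
    answers no initiator packet previously seen going dst -> src."""
    initiated = set()  # (initiator, responder) pairs seen so far
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ISAKMP summary line
        src, dst = m["src"], m["dst"]
        if m["role"] == "I":
            initiated.add((src, dst))
        elif (dst, src) not in initiated:
            # A reply to a host that never sent a request on this
            # interface: the symptom discussed in the message.
            findings.append((m["ts"], src, dst))
    return findings


# eth0 capture from the quoted message, line-wrapping undone.
CAPTURE = [
    "22:38:16.155954 IP 192.168.1.180.isakmp > "
    "cpe-85-10-34-99.static.amis.net.isakmp: isakmp: phase 1 I agg",
    "22:38:16.893540 IP cpe-85-10-34-99.static.amis.net.isakmp > "
    "192.168.1.180.isakmp: isakmp: phase 1 R agg",
    "22:38:16.894071 IP cpe-85-10-34-99.static.amis.net.isakmp > "
    "BSN-95-229-95.dsl.siol.net.isakmp: isakmp: phase 1 R agg",
]

if __name__ == "__main__":
    for ts, src, dst in unsolicited_responses(CAPTURE):
        print(f"{ts}: phase 1 response {src} -> {dst} "
              "answers no request seen on this interface")
```

Capturing with `tcpdump -n` keeps addresses numeric, so the same host is not compared once by name and once by IP.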
