[Vpn-help] New 2.0 Alpha Available ...
Matthew Grooms
mgrooms at shrew.net
Sun Oct 1 15:16:14 CDT 2006
Peter Eisch wrote:
>
> The description next to the ASN1DN "ignore" checkbox has a formatting
> problem.
>
Thanks, I will look into it. Its probably an 2K -> XP glitch as I do
most of my testing on the lowest common denominator.
> I tried to leave as much "auto" as I could but couldn't get phase1 up. The
> log is attached.
>
Ok, this is a catch 22 with aggressive mode and NATT that I hadn't
considered. You have to include hash payloads for the NAT discovery in
the first and second packet before the proposals have been reviewed so
we may not be able to negotiate the hash algorithm parameter in this
scenario. It should work if you static configure the hash algo on both
ends or use main mode instead. I will go back to the RFC and see if it
mentions how to handle this.
Thanks,
-Matthew
More information about the vpn-help
mailing list