[Vpn-help] Juniper SSG Commercial IPsec Gateway
Matthew Grooms
mgrooms at shrew.net
Fri Dec 14 04:10:43 CST 2007
Matthew Grooms wrote:
>
> Stefan,
>
> Thanks for submitting the log info which was very helpful. The problem
> is that I didn't read the NAT-T 00 and 01 draft specifications close
> enough so the IKE daemon is not behaving as it should. Beginning with
> draft 02, ports float and the non-esp marker is added. I need to make
> some changes and post a new build that skips these steps when draft 00
> or 01 are negotiated. Sorry for the trouble.
>
Right, so lets try this again. Making NAT-T work with all the drafts and
RFC specifications can be confusing. I won't go into details but draft
version 00 and 01 use a different marker system to differentiate between
ike and esp packets. Luckily one of the gateways I have here in my lab
supports version 00 so I had something to test with. It was actually
good exercise as I had a chance to notice some old some old cobwebs in
the code that were due for a good dusting.
In any case, please give this build a whirl and let me know how it turns
out.
http://www.shrew.net/vpn/download.php?name=vpn-client&vers=2.1.0-natt-00-x86
http://www.shrew.net/vpn/download.php?name=vpn-client&vers=2.1.0-natt-00-a64
Thanks,
-Matthew
More information about the vpn-help
mailing list