[Vpn-help] Wrong IKE port?
marauder at tiscali.it
Fri Feb 8 03:59:24 CST 2008
On Thu, Feb 07, 2008 at 10:43:46PM -0600, Matthew Grooms wrote:
> IKE communication on port 4500 is quite normal when NAT Traversal
> support is used. Take a look at RFC 3947 "Negotiation of NAT-Traversal
> in the IKE" section 4 entitled "Changing to New Ports".
Yes, I was aware of this. But as far as I knew, negotiation should
always start at port 500, then eventually transition to 4500 upon
detecting NAT. What struck me as odd was the attempt to use port 4500
from the very first phase of the conversation.
> It sounds like you have discovered an internal state issue with the
> IKE daemon. Can you restart the IKE daemon service, reproduce the
> issue, stop the service and send me the log output? Hopefully I can
> determine the series of events that cause iked to get confused and
> correct the problem.
Sure. I'll provide the dump off-list.
Tieffe Sistemi S.r.l. viale Piceno 21, Milano
www.tieffesistemi.com tel. +39 02 76115215
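
Added example, not part of the original message or of the iked code base: a minimal check over captured initiator-to-responder UDP payloads that reports IKE exchanges whose first message (responder cookie all zero) was sent to port 4500 instead of 500, the behaviour described as odd above. The input shape (destination port, UDP payload), the helper names and the sample cookies are assumptions constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # precedes IKE messages on UDP 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # 28-byte ISAKMP header

def parse_ike(dst_port, payload):
    """Return (initiator_cookie, responder_cookie, exchange_type) or None."""
    if dst_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None                 # ESP-in-UDP or NAT keepalive, not IKE
        payload = payload[4:]
    if len(payload) < IKE_HDR.size:
        return None
    icookie, rcookie, _np, _ver, xchg, _flags, _mid, length = IKE_HDR.unpack_from(payload)
    if length < IKE_HDR.size:
        return None                     # malformed length field
    return icookie, rcookie, xchg

def exchanges_started_on_4500(packets):
    """packets: iterable of (dst_port, udp_payload), initiator to responder.
    Returns hex initiator cookies whose first message went to port 4500."""
    seen, flagged = set(), []
    for dst_port, payload in packets:
        parsed = parse_ike(dst_port, payload)
        if parsed is None:
            continue
        icookie, rcookie, _ = parsed
        if icookie in seen:
            continue                    # later message of a known exchange
        seen.add(icookie)
        # A zero responder cookie marks the very first message; a non-zero one
        # means the capture began mid-exchange, so it is not reported.
        if dst_port == 4500 and rcookie == bytes(8):
            flagged.append(icookie.hex())
    return flagged

def build_ike(icookie, rcookie, xchg, marker=False):
    """Constructed header-only IKEv1 message for the sample below."""
    hdr = IKE_HDR.pack(icookie, rcookie, 1, 0x10, xchg, 0, 0, IKE_HDR.size)
    return (NON_ESP_MARKER if marker else b"") + hdr

A, B, R = b"A" * 8, b"B" * 8, b"R" * 8  # constructed cookies
SAMPLE = [
    (500, build_ike(A, bytes(8), 2)),               # normal start on 500
    (4500, build_ike(A, R, 2, marker=True)),        # float to 4500 after NAT-D
    (4500, b"\xff"),                                # NAT keepalive
    (4500, build_ike(B, bytes(8), 2, marker=True)), # first message on 4500
]

if __name__ == "__main__":
    print(exchanges_started_on_4500(SAMPLE))
```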