<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Stefan,<br>
<br>
Thanks for the response. I shouldn't be using any firewall (at least
that was my goal), but here is the output from iptables just in case:<br>
<br>
iptables -vnL<br>
<br>
Chain INPUT (policy ACCEPT 6 packets, 1124 bytes)<br>
pkts bytes target prot opt in out source destination <br>
<br>
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)<br>
pkts bytes target prot opt in out source destination <br>
<br>
Chain OUTPUT (policy ACCEPT 4 packets, 881 bytes)<br>
pkts bytes target prot opt in out source destination <br>
<br>
Thanks,<br>
<br>
Rob<br>
<br>
<br>
Stefan Bauer wrote:
<blockquote cite="mid:4BD7D654.8030201@cubewerk.de" type="cite">
<pre wrap="">Am 24.04.2010 15:28, Rob Ratcliff schrieb:
</pre>
<blockquote type="cite">
<pre wrap="">10/04/24 06:55:45 DB : exchange type is aggressive
10/04/24 06:55:45 ii : local supports nat-t ( draft v00 )
10/04/24 06:55:45 >> : vendor id payload
10/04/24 06:55:45 ii : local supports nat-t ( draft v01 )
10/04/24 06:55:45 >> : vendor id payload
10/04/24 06:55:45 ii : local supports nat-t ( draft v02 )
10/04/24 06:55:45 >> : vendor id payload
10/04/24 06:55:45 ii : local supports nat-t ( draft v03 )
10/04/24 06:55:45 >> : vendor id payload
10/04/24 06:55:45 ii : local supports nat-t ( rfc )
10/04/24 06:55:45 -> : send IKE packet 192.168.1.103:500 -> xx.xxx.xxx.xx:500 ( 533 bytes )
10/04/24 06:55:45 DB : phase1 resend event scheduled ( ref count = 2 )
10/04/24 06:55:45 ii : opened tap device tap0
10/04/24 06:55:55 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:05 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:15 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:25 ii : resend limit exceeded for phase1 exchange
10/04/24 06:56:25 ii : phase1 removal before expire time
</pre>
</blockquote>
<pre wrap=""><!---->
Rob,
not even the initial port change to 4500 udp (nat-t) is done
correctly. Are you sure your machine is not running a firewall?
What's the output of "iptables -vnL"?
Stefan
</pre>
</blockquote>
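
An added example, not part of the original messages: a small Python summarizer for a log like the one quoted above. It re-joins mail-wrapped records, counts sent and resent phase1 packets, and records which destination ports were used. The `<-` inbound tag is an assumption (the quoted log contains no received packet), and SAMPLE is constructed from the quoted lines.

```python
import re

# Constructed sample in the shape of the log quoted above (peer address masked,
# one record left wrapped the way the mail client wrapped it).
SAMPLE = """\
10/04/24 06:55:45 ii : local supports nat-t ( rfc )
10/04/24 06:55:45 -> : send IKE packet 192.168.1.103:500 ->
xx.xxx.xxx.xx:500 ( 533 bytes )
10/04/24 06:55:55 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:05 -> : resend 1 phase1 packet(s) 192.168.1.103:500 -> xx.xxx.xxx.xx:500
10/04/24 06:56:25 ii : resend limit exceeded for phase1 exchange
"""

RECORD = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d (\S\S) : (.*)$")
ENDPOINTS = re.compile(r"\S+:(\d+) -> \S+:(\d+)")

def unwrap(text):
    """Re-join records that mail wrapping split across two lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if RECORD.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def summarize(text):
    s = {"sent": 0, "resent": 0, "received": 0, "dst_ports": set(),
         "natt_offered": False, "gave_up": False}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        tag, msg = m.groups()
        if tag == "->":
            s["resent" if msg.startswith("resend") else "sent"] += 1
            if ports := ENDPOINTS.search(msg):
                s["dst_ports"].add(int(ports.group(2)))
        elif tag == "<-":  # assumed marker for inbound packets; not in the quoted log
            s["received"] += 1
        elif "supports nat-t" in msg:
            s["natt_offered"] = True
        elif "resend limit exceeded" in msg:
            s["gave_up"] = True
    # Resend limit hit with nothing inbound: no reply from the peer was logged.
    s["no_reply"] = s["gave_up"] and s["received"] == 0
    s["floated_to_4500"] = 4500 in s["dst_ports"]  # NAT-T traffic uses UDP 4500
    return s
```
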
<br>
</body>
</html>