L2TP/IPsec with Astaro NATed

I'm having some trouble getting L2TP/IPsec working on my ASG when it's behind a NAT. I've tried it with the other end both NATed and unNATed, but I get the same error. I think the NAT that my Astaro is behind has NAT-T turned on, and also IKE, ESP, and AH allowed through explicitly. However, when I attempt to connect from any client I get:
2011:05:18-16:08:08 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] 208.105.104.57 #36: NAT-Traversal: Result using RFC 3947: i am NATed

2011:05:18-16:08:09 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] 208.105.104.57 #36: Peer ID is ID_IPV4_ADDR: '208.105.104.57'
2011:05:18-16:08:09 gateway pluto[6678]: | NAT-T: new mapping 208.105.104.57:500/4500)
2011:05:18-16:08:09 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] 208.105.104.57:4500 #36: sent MR3, ISAKMP SA established
2011:05:18-16:08:09 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] 208.105.104.57:4500 #36: cannot respond to IPsec SA request because no connection is known for /32===10.66.128.5(astaro's external interface):4500[10.66.128.5]:17/1701...208.105.104.57:4500[208.105.104.57]:17/%any
2011:05:18-16:08:09 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] 208.105.104.57:4500 #36: sending encrypted notification INVALID_ID_INFORMATION to 208.105.104.57:4500


Can anyone shed some light on what's going on from that section of logs? (I can provide more if you think it will help). Is my upstream/NAT set up right, or do I have to get them to fix something? 

TIA,
Adam
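
For readers working through the same log: an added example (not part of the original post, and not Astaro or pluto code) that splits the "no connection is known for" line from the log above into its local and peer endpoints. The function names are hypothetical, and the sample line is the one from the post with the poster's inline annotation removed.

```python
import ipaddress
import re

# Refusal line from the log in the post, with the poster's inline
# "(astaro's external interface)" annotation removed.
SAMPLE = ('2011:05:18-16:08:09 gateway pluto[6678]: "S_REF_moWquEVXTx"[6] '
          '208.105.104.57:4500 #36: cannot respond to IPsec SA request because '
          'no connection is known for /32===10.66.128.5:4500[10.66.128.5]:17/1701'
          '...208.105.104.57:4500[208.105.104.57]:17/%any')

# One side of pluto's connection description: host:port[id]:protocol/port
END = re.compile(r'(?P<host>[0-9.]+):(?P<port>\d+)\[(?P<id>[^\]]+)\]'
                 r':(?P<proto>\d+)/(?P<sel>[^=\s]+)')

def parse_refusal(line):
    """Return {'local': {...}, 'peer': {...}}, or None if the line does not match."""
    marker = 'no connection is known for '
    if marker not in line:
        return None
    left, sep, right = line.split(marker, 1)[1].strip().partition('...')
    if not sep:
        return None
    result = {}
    for side, text in (('local', left), ('peer', right)):
        m = END.search(text)
        if m is None:
            return None
        ep = m.groupdict()
        try:
            ep['private'] = ipaddress.ip_address(ep['host']).is_private
        except ValueError:
            return None
        # A client subnet is printed as "subnet===" before the local host
        # and as "===subnet" after the peer.
        extra = text[:m.start()] if side == 'local' else text[m.end():]
        ep['subnet'] = extra.strip('=')
        result[side] = ep
    return result

def describe(parsed):
    """List the observable facts about the local side of the refused request."""
    loc, notes = parsed['local'], []
    if loc['proto'] == '17' and loc['sel'] == '1701':
        notes.append('traffic selector is UDP/1701 (L2TP)')
    if loc['private']:
        notes.append('gateway address %s is private' % loc['host'])
    if loc['subnet']:
        notes.append('request names client subnet %r on the gateway side' % loc['subnet'])
    return notes
```

Run `describe(parse_refusal(line))` on each refusal line in the IPsec log to compare what the client asked for with the gateway's own L2TP connection definition.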

