[c-nsp] Cisco VPN Concentrator
kevin gannon
kevin at gannons.net
Thu Nov 10 10:17:29 EST 2005
Turn off AH on the IPSec transform set also. Since I don't
see all the debugs, double and triple check the group
keys/passwords.
Certainly in near VPN3k code you will get similar messages
for incorrect keys. Pay special attention if you are building
a tunnel from a Cisco IOS box; these do not support all the
printable ASCII characters. £ is an example: it will get changed
to #. It seems that it only uses 7 bits to store ASCII.
Thanks & Regards
Kevin
On 11/10/05, Justin M. Streiner <streiner at cluebyfour.org> wrote:
> On Thu, 10 Nov 2005, Bob Fronk wrote:
>
> > Cisco VPN 3000 Concentrator. If you are familiar with this product, you
> > know that it has two interfaces, one private and one public. I do not
> > wish to give this device a public internet address. I want to place it
> > behind my PIX.
>
> If I read your message correctly, you will run into problems because IPSEC
> does not like being NAT'd. Anything that scribbles on the headers of an
> IP packet (like NAT) will be problematic with IPSEC since the packet
> checksum would change. You can try to work around this using NAT
> Transparency.
>
> jms
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
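The advice in this thread (turn off AH when the tunnel crosses NAT) can be illustrated with a simplified model, added here as an example and not part of the original messages: AH's integrity check covers the outer IP addresses, while ESP's covers only the ESP header and payload. The key, addresses, SPI and payload are constructed, and the AH input is reduced to the IPv4 header with its mutable fields zeroed plus the body.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed integrity key shared by both peers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header (checksum left at 0 in this model)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def immutable_view(hdr):
    """Zero the fields AH treats as mutable: TOS, flags/fragment offset, TTL, checksum."""
    h = bytearray(hdr)
    h[1] = 0                      # TOS
    h[6:9] = b"\x00\x00\x00"      # flags + fragment offset (6-7), TTL (8)
    h[10:12] = b"\x00\x00"        # header checksum
    return bytes(h)

def icv(mode, hdr, body):
    """HMAC-SHA1-96. The AH input includes the outer IP header; the ESP input does not."""
    covered = immutable_view(hdr) + body if mode == "ah" else body
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def in_transit(hdr, nat_src=None):
    """Decrement TTL as a router would; optionally rewrite the source address (NAT)."""
    h = bytearray(hdr)
    h[8] -= 1
    if nat_src:
        h[12:16] = socket.inet_aton(nat_src)
    return bytes(h)

def received_ok(mode, nat_src=None):
    """Sender computes the ICV, the path alters the header, the receiver re-checks it."""
    body = struct.pack("!II", 0x1001, 1) + b"constructed payload"  # SPI, sequence, data
    proto = 51 if mode == "ah" else 50
    sent = ipv4_header("10.1.1.10", "198.51.100.20", proto, len(body))
    tag = icv(mode, sent, body)
    return hmac.compare_digest(tag, icv(mode, in_transit(sent, nat_src), body))

if __name__ == "__main__":
    for mode in ("ah", "esp"):
        for nat_src in (None, "203.0.113.5"):
            label = "NAT" if nat_src else "routed only"
            print(mode, label, "->", received_ok(mode, nat_src))
```

A TTL decrement alone leaves the AH check intact because TTL is excluded from the ICV; only the address rewrite breaks it.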