[c-nsp] A bit of backup on IPSEC/GRE/NAT
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Mon Nov 6 08:54:50 EST 2006
>
> Hi,
>
> On Sun, Nov 05, 2006 at 09:00:44PM -0500, Tuc at T-B-O-H.NET wrote:
> > So, next I re-ip the one on my laptop for it
> > to appear to be behind a consumer wireless router.
> > I open up and forward ports 500 and 4500 to it. I
> > change the configs what I THINK is correct. No work...
> > It looks like the IPSec is happy, I see what seems
> > like the session being up, but it looks like the GRE
> > is having serious issues.
>
> You need to have the consumer router forward IPSEC packets as well
> (IP protocol 50) - or enable NAT-Traversal on both sides.
>
I've opened up port 500 and 4500, and once I put it behind
the consumer router the NAT-T kicks in.
>
> Besides this, things look fine.
>
:-/ But its not working.
When I try to ping I get a quickmode startup error or
that the packet is the wrong protocol (47 {GRE})
Is there any debug I should create/send?
Thanks, Tuc
More information about the cisco-nsp
mailing list