[c-nsp] ASA "NEM" tunnel problems

Peter Rathlev peter at rathlev.dk
Mon Feb 25 15:53:49 EST 2013


On Thu, 2013-02-21 at 16:47 +0100, Peter Rathlev wrote:
> What we see by debugging is that the ones failing never seem to send
> the "ID_IPV4_ADDR_SUBNET" ID payload with their remote LAN network.

We tried using an IPsec-over-TCP tunnel on one of the affected devices
for some days and it seems to have helped. This makes me suspect again
that it might have something to do with some kind of protocol
inspection. OTOH we see them sending "ID_IPV4_ADDR" which many of the
working ones don't.

I guess if TCP solves the problem it's good enough for me. :-)

-- 
Peter



