New Zealand ADSL Mailing List


Re: ESP on M11

From: Mike <mike_pratt_at_mail.com>
Date: Mon, 18 Sep 2000 13:23:32 +1200
Message-ID: <39C56E94.D16B98B5@mail.com>

Hi Rob,

I had a similar problem with IP addresses changing on clients using IKE.

Rather than use the IP address for authentication, I am now trying Digital
certificates and the X.500 Distinguished Name as a means for authentication.

If this works, this should circumvent the NAT issue (sure, I'll still only be
able to use ESP across NAT but at least I can then use the Digital Certs for
authentication).

cheers

Mike

"VAN GELDER, ROBERT (IT7)" wrote:

> Cheers buddy.
>
> Got this far but our implementation of IKE doesn't like it if the client's
> IP address changes (e.g. from 192.168.1.3 to 210.54.321.321 [I forget the IP
> right now])
> This is due to the NAT on the M11.
>
> We're attempting to get the software running with a 3060 card to see if this
> helps...
>
> Cheers,
> Rob
>
> > -----Original Message-----
> > From: Mike [SMTP:mike_pratt@mail.com]
> > Sent: Monday, 18 September 2000 12:27
> > To: VAN GELDER, ROBERT (IT7); adsl@unixathome.org
> > Subject: Re: ESP on M11
> >
> > Hi Rob,
> >
> > Don't know if you solved this problem, but this is how I got it working.
> >
> > You have to Telnet to the M11 to set up protocol 50 (ESP). Once you have
> > logged on, go to the configuration menu and then to the pinhole menu.
> >
> > set pinhole name "whatever you decide to name this entry" protocol-select OTHER
> > set pinhole name "whatever you decide to name this entry" numerical-protocol 50
> > set pinhole name "whatever you decide to name this entry" external-port-start 0
> > set pinhole name "whatever you decide to name this entry" external-port-end 0
> > set pinhole name "whatever you decide to name this entry" internal-ip address
> > set pinhole name "whatever you decide to name this entry" internal-port 0
> >
> > Save this and restart the M11.
> >
> > Depending on how you are negotiating your keys, you may also need to
> > pinhole port 500 for UDP to support IKE.
> >
> > cheers
> >
> > Mike Pratt
> >
> >
> >
> >
> > "VAN GELDER, ROBERT (IT7)" wrote:
> >
> > > Hi.
> > >
> > > Can anyone give me step by step instructions on how to open ESP protocol
> > > (50) on M11 modem?
> > >
> > > Cheers,
> > > Rob
> > >
> > > This message is part of the NZ Broadband mailing list.
> > > see http://unixathome.org/adsl/ for archives, FAQ,
> > > and various documents.
> > > To unsubscribe: send mail to majordomo@unixathome.org
> > > with "unsubscribe adsl" in the body of the message
> >
>

Received on Mon Sep 18 13:23:54 2000


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:06 2006 EST