New Zealand ADSL Mailing List


RE: ESP on M11

From: VAN GELDER, ROBERT (IT7) <rvangelder_at_nzrc.co.nz>
Date: Thu, 21 Sep 2000 15:33:22 +1200
Message-ID: <11D400B129ECD011A07700805F8534AB012E5A57@NZRCS007>

The problem is resolved when using an Internal DSL modem.
NAT is what was preventing the connection.

It appears our VPN software is picky when it comes to a secure path.

Cheers,
Rob

> -----Original Message-----
> From: Mike [SMTP:mike_pratt@mail.com]
> Sent: Monday, 18 September 2000 13:24
> To: VAN GELDER, ROBERT (IT7)
> Cc: adsl@unixathome.org
> Subject: Re: ESP on M11
>
> Hi Rob,
>
> I had a similar problem with IP addresses changing on clients using IKE.
>
> Rather than use the IP address for authentication, I am now trying Digital
> certificates and the X.500 Distinguished Name as a means for
> authentication.
>
> If this works this should circumvent the NAT issue (sure, I'll still only be
> able to use ESP across NAT but at least I can then use the Digital Certs for
> authentication)
>
> cheers
>
> Mike
>
>
> "VAN GELDER, ROBERT (IT7)" wrote:
>
> > Cheers buddy.
> >
> > Got this far but our implementation of IKE doesn't like it if the client's
> > IP address changes (e.g. from 192.168.1.3 to 210.54.321.321 [I forget the IP
> > right now] )
> > This is due to the NAT on the M11.
> >
> > We're attempting to get the software running with a 3060 card to see if this
> > helps...
> >
> > Cheers,
> > Rob
> >
> > > -----Original Message-----
> > > From: Mike [SMTP:mike_pratt@mail.com]
> > > Sent: Monday, 18 September 2000 12:27
> > > To: VAN GELDER, ROBERT (IT7); adsl@unixathome.org
> > > Subject: Re: ESP on M11
> > >
> > > Hi Rob,
> > >
> > > Don't know if you solved this problem, but this is how I got it working.
> > >
> > > You have to Telnet to the M11 to set up protocol 50 (ESP). Once you have
> > > logged on, go to the configuration menu and then to the pinhole menu.
> > >
> > > set pinhole name "whatever you decide to name this entry" protocol-select OTHER
> > > set pinhole name "whatever you decide to name this entry" numerical-protocol 50
> > > set pinhole name "whatever you decide to name this entry" external-port-start 0
> > > set pinhole name "whatever you decide to name this entry" external-port-end 0
> > > set pinhole name "whatever you decide to name this entry" internal-ip address
> > > set pinhole name "whatever you decide to name this entry" internal-port 0
> > >
> > > save this and restart the M11
> > >
> > > Depending on how you are negotiating your keys, you may also need to
> > > pinhole port 500 for UDP to support IKE.
> > >
> > > cheers
> > >
> > > Mike Pratt
> > >
> > >
> > >
> > >
> > > "VAN GELDER, ROBERT (IT7)" wrote:
> > >
> > > > Hi.
> > > >
> > > > Can anyone give me step by step instructions on how to open ESP protocol
> > > > (50) on M11 modem?
> > > >
> > > > Cheers,
> > > > Rob
> > > >
> > > > This message is part of the NZ Broadband mailing list.
> > > > see http://unixathome.org/adsl/ for archives, FAQ,
> > > > and various documents.
> > > > To unsubscribe: send mail to majordomo@unixathome.org
> > > > with "unsubscribe adsl" in the body of the message
> > >
> >
>
>
>

Received on Thu Sep 21 15:33:02 2000
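
A simplified model of the identity problem discussed in this thread, added here as an illustration and not code from any poster or VPN product: it builds and parses the ISAKMP Identification payload (IPsec DOI layout) and shows an address-type identity failing once NAT rewrites the source address, while a Distinguished Name identity is unaffected. The responder policy in `peer_identity_ok`, the public address 203.0.113.7 and the name CN=client1 are assumptions made for the example.

```python
import ipaddress
import struct

# IPsec DOI identification types (RFC 2407)
ID_IPV4_ADDR = 1
ID_DER_ASN1_DN = 9

# Constructed sample values (assumptions, not taken from a real capture)
PRIVATE_ADDR = "192.168.1.3"     # client address quoted in the thread
NAT_PUBLIC_ADDR = "203.0.113.7"  # documentation-range stand-in for the NAT's public side
SUBJECT_DN = b"\x30\x12\x31\x10\x30\x0e\x06\x03\x55\x04\x03\x13\x07client1"  # DER, CN=client1


def build_id_payload(id_type: int, id_data: bytes) -> bytes:
    """Generic payload header (4 bytes) + ID type, protocol ID, port + ID data."""
    length = 8 + len(id_data)
    return struct.pack("!BBHBBH", 0, 0, length, id_type, 0, 0) + id_data


def parse_id_payload(payload: bytes):
    """Return (id_type, id_data); reject truncated or inconsistent payloads."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed header")
    _nxt, _rsvd, length, id_type, _proto, _port = struct.unpack("!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError("payload length field does not match the data")
    return id_type, payload[8:length]


def peer_identity_ok(payload: bytes, observed_src: str, cert_subject: bytes = b"") -> bool:
    """Hypothetical responder policy: accept only an identity it can tie to the peer."""
    id_type, data = parse_id_payload(payload)
    if id_type == ID_IPV4_ADDR:
        # Address identity must equal the source address the responder sees.
        if len(data) != 4:
            return False
        return ipaddress.IPv4Address(data) == ipaddress.IPv4Address(observed_src)
    if id_type == ID_DER_ASN1_DN:
        # DN identity must equal the subject of the already-validated certificate.
        return len(data) > 0 and data == cert_subject
    return False


ADDR_ID = build_id_payload(ID_IPV4_ADDR, ipaddress.IPv4Address(PRIVATE_ADDR).packed)
DN_ID = build_id_payload(ID_DER_ASN1_DN, SUBJECT_DN)

if __name__ == "__main__":
    print("address ID, no NAT :", peer_identity_ok(ADDR_ID, PRIVATE_ADDR))
    print("address ID, via NAT:", peer_identity_ok(ADDR_ID, NAT_PUBLIC_ADDR))
    print("DN ID, via NAT     :", peer_identity_ok(DN_ID, NAT_PUBLIC_ADDR, SUBJECT_DN))
```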


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:06 2006 EST