Re: IPSec through my firewall

Jason Opperisano <opie@xxxxxxxxxxx> writes:

> On Tue, Feb 15, 2005 at 11:25:58AM +0100, Ola Nilsson wrote:
>> Which is far too open, but I used it to try to find the problem. What I
>> see with Ethereal is that the connection seems to have two
>> phases. Both phases use UDP on port 4500. In the first phase ISAKMP
>> is used, then ESP.

...snip

> "this is what you see" where?  what is this the output of?  where is
> this output being generated?

First, to all that replied, thanks for your help!

I will try to read up on the RFCs. Might be that I was fooled into
believing that NAT-T was used due to some log entries in the
clients. Now I understand that I should be looking at the ESP traffic,
since that should not necessarily NAT OK. Is this why the kernel helps
me, and refuses to NAT the ESP packages?

Regarding where the output was from, it was what I see listening on
both interfaces of the firewall with Ethereal. Even though my
understanding also was that other ports than 4500 should have been
used, all traffic is on port 4500 (nothing on 500).

Regards, 
-- 
/Ola Nilsson
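
Added example, not part of the original message or thread: RFC 3948 is what lets ISAKMP and ESP share UDP port 4500, as in the capture described above. IKE packets there start with a four-byte zero non-ESP marker, UDP-encapsulated ESP starts with its non-zero SPI, and a lone 0xFF byte is a NAT keepalive. The function names and sample payloads below are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4      # RFC 3948: precedes IKE on UDP 4500
NAT_KEEPALIVE = b"\xff"           # RFC 3948: one-byte keepalive
IKE_HDR = struct.Struct("!8s8sBBBBII")  # ISAKMP header (RFC 2408), 28 bytes
IKEV1_EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}


def classify_udp4500(payload: bytes) -> dict:
    """Classify one UDP payload captured on port 4500."""
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HDR.size:
            return {"kind": "malformed"}
        _, _, _, version, xchg, flags, _, length = IKE_HDR.unpack_from(ike)
        return {
            "kind": "isakmp",
            "version": f"{version >> 4}.{version & 0x0F}",
            "exchange": IKEV1_EXCHANGES.get(xchg, f"type-{xchg}"),
            "encrypted": bool(flags & 0x01),       # ISAKMP E(ncryption) bit
            "length_ok": length == len(ike),
        }
    # Anything else is UDP-encapsulated ESP: SPI (non-zero) then sequence number.
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp", "spi": spi, "seq": seq}


def build_ike(xchg: int, flags: int, body: bytes) -> bytes:
    """Constructed sample: marker + ISAKMP header + opaque body."""
    hdr = IKE_HDR.pack(b"I" * 8, b"R" * 8, 1, 0x10, xchg, flags, 0,
                       IKE_HDR.size + len(body))
    return NON_ESP_MARKER + hdr + body


# Constructed capture: negotiation first, then ESP data, all on UDP 4500.
SAMPLE = [
    build_ike(2, 0x00, b"\x00" * 20),                  # main mode, cleartext
    build_ike(32, 0x01, b"\xaa" * 32),                 # quick mode, encrypted
    struct.pack("!II", 0xC0FFEE01, 1) + b"\xbb" * 16,  # ESP in UDP
    NAT_KEEPALIVE,
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(classify_udp4500(p))
```
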


