[Firewall] Using IPSec (w/o Racoon)

Jeff Welling jeff.welling at gmail.com
Fri Jul 18 03:15:34 MDT 2008


In fact I had not noticed the use of timer, thank you for pointing that 
out.  
It seems I have some further testing to do!

Cheers,
Jeff.

Philip Prindeville wrote:
> Jeff:
>
> Did you have the nat-traversal turned on?  Looking at:
>
> http://www.ipsec-howto.org/x304.html
>
> The example they give down at the bottom shows:
>
> path pre_shared_key "/etc/psk.txt";
>
> timer {
>         natt_keepalive 10sec;
> }
>
> listen {
>         isakmp 192.168.1.100 [500];
>         isakmp_natt 192.168.1.100 [4500];
> }
>
> remote 192.168.1.1 {
>         exchange_mode main;
>         nat_traversal on;
>         proposal {
>                 encryption_algorithm 3des;
>                 hash_algorithm md5;
>                 authentication_method pre_shared_key;
>                 dh_group modp1024;
>         }
> }
>
> sainfo address 172.16.1.0/24 any address 172.16.2.0/24 any {
>         pfs_group modp768;
>         encryption_algorithm 3des;
>         authentication_algorithm hmac_md5;
>         compression_algorithm deflate;
> }
>
>
> Note the "listen" and "timer" sections, and the "nat_traversal on" 
> clause in the "remote" section.
>
> -Philip
>
>
>
>
>   
> _______________________________________________
> Firewall mailing list
> Firewall at lists.btito.net
> http://lists.btito.net/mailman/listinfo/firewall_lists.btito.net
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
>   
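The three NAT-T pieces Philip points at (the "timer" keepalive, the "listen" entry for isakmp_natt on UDP 4500, and "nat_traversal on" in each "remote") are easy to miss in a hand-edited racoon.conf. The following is an added example, not code from the thread or from the racoon project: a small Python checker with its own minimal parser for racoon's brace/semicolon syntax. It reports whether each NAT-T setting is present and also lists algorithm choices that are weak by today's standards (the weak list is the checker's own assumption, not something racoon enforces). The sample configuration is constructed from the one quoted above.

```python
"""Check a racoon.conf for the NAT-T settings discussed in the thread.

Added example; the parser covers only the subset of racoon syntax seen above
(nested "name { ... }" blocks and "key args;" statements, '#' comments).
"""
import re

# Constructed sample: the configuration quoted in the thread.
SAMPLE_CONF = """
path pre_shared_key "/etc/psk.txt";

timer {
        natt_keepalive 10sec;
}

listen {
        isakmp 192.168.1.100 [500];
        isakmp_natt 192.168.1.100 [4500];
}

remote 192.168.1.1 {
        exchange_mode main;
        nat_traversal on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group modp1024;
        }
}

sainfo address 172.16.1.0/24 any address 172.16.2.0/24 any {
        pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
"""

# Assumption of this checker: algorithms/groups a practitioner would flag today.
WEAK = {"des", "3des", "md5", "hmac_md5", "modp768", "modp1024"}

# Quoted strings, the three structural characters, or any other bare word.
_TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def tokenize(text):
    tokens = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        tokens.extend(_TOKEN_RE.findall(line))
    return tokens


def parse(text):
    """Return a tree: {'header': [tokens], 'stmts': [[tokens]], 'blocks': [...]}."""
    root = {"header": [], "stmts": [], "blocks": []}
    stack, cur = [root], []
    for tok in tokenize(text):
        if tok == "{":                        # header tokens collected so far open a block
            blk = {"header": cur, "stmts": [], "blocks": []}
            stack[-1]["blocks"].append(blk)
            stack.append(blk)
            cur = []
        elif tok == "}":
            if cur:
                raise ValueError('statement missing ";" before "}": %r' % cur)
            if len(stack) == 1:
                raise ValueError('unbalanced "}"')
            stack.pop()
        elif tok == ";":
            if cur:
                stack[-1]["stmts"].append(cur)
            cur = []
        else:
            cur.append(tok)
    if len(stack) != 1 or cur:
        raise ValueError("unterminated block or statement")
    return root


def find_blocks(blk, name):
    """All descendant blocks whose first header token is `name`."""
    found = []
    for child in blk["blocks"]:
        if child["header"] and child["header"][0] == name:
            found.append(child)
        found.extend(find_blocks(child, name))
    return found


def statement(blk, key):
    """Arguments of the first `key ...;` statement in blk, or None."""
    for st in blk["stmts"]:
        if st[0] == key:
            return st[1:]
    return None


def walk_statements(blk):
    for st in blk["stmts"]:
        yield blk, st
    for child in blk["blocks"]:
        yield from walk_statements(child)


def check_natt(conf):
    """Summarise NAT-T readiness and weak algorithm choices of a parsed config."""
    report = {"natt_keepalive": None, "isakmp_natt": [],
              "remotes_without_nat_traversal": [], "weak_algorithms": []}
    for blk in find_blocks(conf, "timer"):
        args = statement(blk, "natt_keepalive")
        if args:
            report["natt_keepalive"] = args[0]
    for blk in find_blocks(conf, "listen"):
        for st in blk["stmts"]:
            if st[0] == "isakmp_natt":
                report["isakmp_natt"].append(st[1])
    for blk in find_blocks(conf, "remote"):
        peer = blk["header"][1] if len(blk["header"]) > 1 else "?"
        # racoon accepts on/off/force; anything but on/force means no NAT-T for this peer
        if statement(blk, "nat_traversal") not in (["on"], ["force"]):
            report["remotes_without_nat_traversal"].append(peer)
    for blk, st in walk_statements(conf):
        if any(tok in WEAK for tok in st[1:]):
            where = " ".join(blk["header"]) or "top-level"
            report["weak_algorithms"].append("%s: %s" % (where, " ".join(st)))
    return report


if __name__ == "__main__":
    for key, value in check_natt(parse(SAMPLE_CONF)).items():
        print(key, "=", value)
```

Run against the quoted configuration it confirms the keepalive, the 4500 listener and nat_traversal for the peer, and lists the 3DES/MD5/modp768/modp1024 choices, which were common in 2008 but are what a reviewer would replace first today. To check a real file, read it and pass the text to parse().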
