[SWLUG] NTL & IPSEC (ESP) Routing Problem

Hywel Burris hywel at burris.org.uk
Fri Aug 30 10:27:27 UTC 2002


I am having problems with two Linux machines (www.smoothwall.co.uk) and IPSEC VPNs.

One is on an NTL 512K unmanaged leased line and the other on a Demon 128K ISDN dial-up.
This is a little off topic but I am sure there are some people here that have a much better knowledge of routing and networks than me. I need help because NTL are being rather useless!

The negotiation of the certificates is carried out but no data will pass between the two machines.

[root at warehouse /root]# tcpdump -i ippp0
tcpdump: listening on ippp0
11:54:22.146509 no-dns-yet.demon.co.uk > NTLIPADDRESS: ESP(spi=0x760f04c9,seq=0x9)
11:54:22.546537 62.252.61.xxx > no-dns-yet.demon.co.uk: icmp: host NTLIPADDRESS unreachable - admin prohibited filter

Where:
ippp0 is the ISDN card on the Demon end.
no-dns-yet.demon.co.uk is the Demon IP address.
NTLIPADDRESS is the NTL end IP address.
62.252.61.xxx is the IP address of the NTL router on the NTL side of the leased line.

Outbound packets transmit with no problem from NTL -> Demon, but are blocked as they return.

To eliminate a smoothwall configuration error we put it on a LAN and it worked perfectly.

Both NTL and the owner of the NTL line are saying that ports 50 & 51 are not filtered. We proved this by setting up an ftp server on both ports and I could get access to them.

Does anyone have any ideas how these ESP packets may be getting blocked, so that I can push NTL in the correct direction?

thanks

--------------------------------------------------------------------------------
Hywel Burris
Mobile: 07976 621154
Email: hywel at burris.org.uk
ICQ#: 33224989
--------------------------------------------------------------------------------
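
Added example (not part of the original post): ESP and AH are IP protocol numbers 50 and 51, not TCP or UDP ports, so an FTP test on port 50 travels as IP protocol 6 and does not exercise a filter keyed on the protocol field. The Python below decodes constructed packets that reuse the SPI and sequence number from the tcpdump capture; the addresses, the TCP source port and all function names are assumptions.

```python
import struct

ESP, AH, TCP, ICMP = 50, 51, 6, 1   # IANA IP protocol numbers

def ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.2"):
    """Build a minimal constructed IPv4 packet (checksum left at 0)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def describe(pkt):
    """Report what a filter matching on the IP protocol field would see."""
    ihl = (pkt[0] & 0x0F) * 4            # header length in bytes
    proto, body = pkt[9], pkt[ihl:]      # byte 9 is the protocol field
    if proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        return f"ESP spi=0x{spi:08x} seq=0x{seq:x} (IP protocol 50, no ports)"
    if proto == AH:
        return "AH (IP protocol 51, no ports)"
    if proto == TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        return f"TCP {sport}->{dport} (IP protocol 6)"
    if proto == ICMP:
        typ, code = body[0], body[1]
        if typ == 3 and len(body) >= 8 + 20:
            inner = body[8:]             # ICMP errors quote the dropped IP header
            reason = {10: "host admin prohibited",
                      13: "admin prohibited filter"}.get(code, f"code {code}")
            return f"ICMP unreachable ({reason}) for dropped IP protocol {inner[9]}"
        return f"ICMP type {typ} code {code}"
    return f"IP protocol {proto}"

# Constructed samples: the ESP packet from the capture, an FTP-style SYN to
# TCP port 50, and the ICMP error a router returns when it filters the ESP.
esp_pkt = ipv4(ESP, struct.pack("!II", 0x760F04C9, 0x9) + b"\x00" * 16)
tcp50_pkt = ipv4(TCP, struct.pack("!HHIIBBHHH", 40000, 50, 0, 0, 0x50, 0x02, 8192, 0, 0))
icmp_pkt = ipv4(ICMP, struct.pack("!BBHI", 3, 13, 0, 0) + esp_pkt[:28])

if __name__ == "__main__":
    for name, pkt in [("esp", esp_pkt), ("tcp/50", tcp50_pkt), ("icmp", icmp_pkt)]:
        print(f"{name:7} {describe(pkt)}")
```

On a live link, `tcpdump -i ippp0 ip proto 50` selects on the same protocol field, whereas `port 50` matches only TCP or UDP port numbers.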