Thanks, Tony, for your response, but for some reason I seem not to be
able to enable NAT-T on Cyberoam; the feature only works with remote
access, from Cyberoam's documentation. But would adding a remote-id and
local-id to both ends of the device terminating the tunnel be a valid
solution?

On 6/7/14, Tony Singh <mothafungla_at_gmail.com> wrote:
> Enable your Cyberoam for NAT-T and remove the NAT exclusion rule on the
> Router
>
> Your debugs suggest the Sonicwall has discovered a NAT device (i.e. your
> Router's outside interface) and changed to main mode using UDP 4500
>
> --
> BR
>
> Tony
>
>> On 7 Jun 2014, at 15:33, segs <michaelolusegunrufai_at_gmail.com> wrote:
>>
>> Hello All,
>> Sorry for the OT, but I've been having issues setting up an IPsec Site to Site
>> VPN behind a router configured for NAT. Below is the setup:
>>
>> LAN---->Cyberoam---->Router>>>internet>>>>SonicWall
>>
>> IPsec is terminated on the Cyberoam UTM as well as the SonicWall, but
>> the VPN fails to connect and I get the following error below on the
>> Cyberoam UTM:
>>
>> Jun 05 19:07:57 packet from 31.221.21.170:500: ignoring unknown Vendor
>> ID payload [5b362bc820f60007]
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [RFC 3947] method set to=110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
>> method 110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
>> method 110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-00]
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: responding to Main Mode
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: transition from state
>> STATE_MAIN_R0 to state STATE_MAIN_R1
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: STATE_MAIN_R1: sent
>> MR1, expecting MI2
>>
>> On checking on the internet, it seems to be an issue with NAT behind a
>> device terminating the IPsec VPN, for which I have excluded the
>> IPsec VPN traffic from being NATed on the router on UDP port 500 and
>> port 4500, but I am still getting the same error.
>> Router Config:-
>> int g0/1
>> ip add 192.168.1.1 255.255.255.0
>> ip add 197.x.x.x 255.255.255.248 sec
>> ip nat inside
>>
>>
>> CR:-
>> Port C
>> ip add 197.x.x.y 255.255.255.248
>>
>> Any pointers to what could be the issue will be very much appreciated.
>>
>> Thanks in advance.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
Received on Sat Jun 07 2014 - 16:32:33 ART
This archive was generated by hypermail 2.2.0 : Tue Jul 01 2014 - 06:32:35 ART
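
A small parser for the log excerpt quoted in the thread above, as an added example that is not part of any poster's message: it undoes the mail quoting and wrapping, then reports the peer's source ports, the vendor IDs the log marks as received, the NAT-T method chosen, and the last IKE state logged. The function names and dictionary keys are chosen for this example.

```python
import re

# The log excerpt from the quoted message, kept with its mail quoting and wrapping.
QUOTED_LOG = """\
>> Jun 05 19:07:57 packet from 31.221.21.170:500: ignoring unknown Vendor
>> ID payload [5b362bc820f60007]
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [RFC 3947] method set to=110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
>> method 110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
>> method 110
>> Jun 05 19:07:57 packet from 31.221.21.170:500: received Vendor ID
>> payload [draft-ietf-ipsec-nat-t-ike-00]
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: responding to Main Mode
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: transition from state
>> STATE_MAIN_R0 to state STATE_MAIN_R1
>> Jun 05 19:07:57 "Septa_VPN_London-7" #346: STATE_MAIN_R1: sent
>> MR1, expecting MI2
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} ")

def unwrap(text):
    """Strip '>' quote markers and rejoin entries the mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if STAMP.match(line) or (line and not entries):
            entries.append(line)       # a timestamp starts a new log entry
        elif line:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def summarize(text):
    """Collect what the peer offered and where the logged IKE exchange stopped."""
    s = {"src_ports": set(), "recognized_vids": [], "method": None,
         "conn": None, "state": None, "expecting": None}
    for e in unwrap(text):
        if m := re.search(r"packet from [\d.]+:(\d+):", e):
            s["src_ports"].add(int(m.group(1)))
        if m := re.search(r"received Vendor ID payload \[([^\]]+)\]", e):
            s["recognized_vids"].append(m.group(1))
        if m := re.search(r"method set to=(\d+)", e):
            s["method"] = int(m.group(1))
        if m := re.search(r'"([^"]+)" #\d+: (STATE_\w+): .*expecting (\w+)', e):
            s["conn"], s["state"], s["expecting"] = m.groups()
    return s
```

On this excerpt the summary shows every logged packet arriving from source port 500 and the exchange resting in STATE_MAIN_R1, still expecting MI2.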