Re: L2TP-over-IPsec (may be off topic)

[Sake Blok <sake () euronet nl>]

On 14 sep 2010, at 20:15, Kok-Yong Tan wrote:

> On Sep 14, 2010, at 13:59, Sake Blok wrote:
>
> > It seems like the L2TP tunnel just does not trigger the IPsec  
> > encapsulation to kick in. What does a network trace say? Only  
> > traffic on UDP port 1701, no UDP-500, no ip proto 50 and no UDP  
> > port 4500? That would be in sync with the above.
>
> This will be the next step but I haven't done that yet.

That would get it a little more on-topic too, analysing the packets ;-)


> > What type of L2TP-over-IPsec client and L2TP-over-IPsec server are  
> > involved?
>
> I'm trying various Macintoshes at OS versions 10.5.8 and 10.6.4 to an  
> Xserve running OS version 10.4.11.

If I understand your mails correctly, the FW does *not* terminate the IPsec tunnel, nor the L2TP tunnel within the 
IPsec tunnel. Both are terminated at the Xserve. In that case, the FW must have a NAT rule to forward incoming 
IKE+ESP/NAT-T traffic towards Xserve. Could it be that the NAT for IPsec secretly also forwards L2TP?

A trace on the public and private side of the FW would really make finding the cause easier :-)

Cheers,
Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe