Bluefire VPN Client to PIX

Unanswered Question
Feb 5th, 2007

We have a few PDAs on trial and I am trying the Bluefire VPN client. This did work for a while, but now it won't connect.

The only thing I can see in an ISAKMP debug is the following:

ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3

ISAKMP (0:0): constructed HIS NAT-D

ISAKMP (0:0): constructed MINE NAT-D

ISAKMP (0:0): Detected port floating

return status is IKMP_NO_ERROR

crypto_isakmp_process_block:src:*.*.*.*, dest:FIREWALL spt:10587 dpt:4500

OAK_AG exchange

ISAKMP (0): processing HASH payload. message ID = 0

ISAKMP (0): processing NOTIFY payload 24578 protocol 1

spi 0, message ID = 0

ISAKMP (0): processing notify INITIAL_CONTACT

ISADB: reaper checking SA 0x3d1fcf4, conn_id = 0

ISADB: reaper checking SA 0x3d5ec4c, conn_id = 0

ISADB: reaper checking SA 0x3d30744, conn_id = 0

ISADB: reaper checking SA 0x3d2734c, conn_id = 0

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): recalc my hash for NAT-D

ISAKMP (0:0): NAT match MINE hash

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): recalc his hash for NAT-D

ISAKMP (0:0): NAT does not match HIS hash

What does 'NAT does not match HIS hash' mean?

ggilbert Mon, 02/05/2007 - 13:46

The hashing value that was calculated between the devices did not match after the NAT-D detection was done.

Is the client connecting from behind a firewall or a NAT device?

If so, do you have NAT-T enabled on the VPN headend device?

Thanks

Gilbert
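
The NAT-D comparison behind the "NAT match MINE hash" and "NAT does not match HIS hash" debug lines, as an added example that is not part of the original posts: it follows RFC 3947 section 3.2, where each NAT-D payload is HASH(CKY-I | CKY-R | IP | Port). Assumptions: SHA-1 as the negotiated hash, and constructed cookies and documentation addresses; the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, alg: str = "sha1") -> bytes:
    """RFC 3947 s3.2: HASH(CKY-I | CKY-R | IP | Port), port in network byte order."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.new(alg, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def check_nat_d(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver-side check of a peer's NAT-D payloads against the packet headers.

    payloads[0] is the sender's hash of the destination (the receiver, "MINE");
    payloads[1:] are hashes of the sender's possible source addresses ("HIS").
    seen_src / seen_dst are (ip, port) exactly as they arrived on the wire.
    """
    mine = nat_d_hash(cky_i, cky_r, *seen_dst)
    his = nat_d_hash(cky_i, cky_r, *seen_src)
    mine_ok = hmac.compare_digest(payloads[0], mine)
    his_ok = any(hmac.compare_digest(p, his) for p in payloads[1:])
    return {
        "mine": "NAT match MINE hash" if mine_ok else "NAT does not match MINE hash",
        "his": "NAT match HIS hash" if his_ok else "NAT does not match HIS hash",
        "nat_in_path": not (mine_ok and his_ok),  # any mismatch: move IKE to UDP 4500
    }

# Constructed sample values (not taken from the thread).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT = ("192.168.1.50", 500)      # address the client believes it has
HEADEND = ("198.51.100.1", 500)     # firewall's outside address
NATTED = ("203.0.113.7", 10587)     # client's source after a NAT rewrote it

def client_payloads():
    """NAT-D payloads the client sends: destination hash first, then its source."""
    return [nat_d_hash(CKY_I, CKY_R, *HEADEND), nat_d_hash(CKY_I, CKY_R, *CLIENT)]

def behind_nat():
    return check_nat_d(CKY_I, CKY_R, client_payloads(), NATTED, HEADEND)

def direct():
    return check_nat_d(CKY_I, CKY_R, client_payloads(), CLIENT, HEADEND)

if __name__ == "__main__":
    print(behind_nat())
    print(direct())
```
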

stevencoutts Tue, 02/06/2007 - 01:24

Strange, just re-installed the software on the handheld and it is working fine now!
