02-05-2007 03:39 AM - edited 02-21-2020 02:51 PM
We have a few PDA's on trial and am trying the bluefire VPN client. This did work for a while but now it won't connect.
The only thing I can see in a isakmp debug is the following -:
ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0:0): constructed HIS NAT-D
ISAKMP (0:0): constructed MINE NAT-D
ISAKMP (0:0): Detected port floating
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:*.*.*.*, dest:FIREWALL spt:10587 dpt:4500
OAK_AG exchange
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
spi 0, message ID = 0
ISAKMP (0): processing notify INITIAL_CONTACT
ISADB: reaper checking SA 0x3d1fcf4, conn_id = 0
ISADB: reaper checking SA 0x3d5ec4c, conn_id = 0
ISADB: reaper checking SA 0x3d30744, conn_id = 0
ISADB: reaper checking SA 0x3d2734c, conn_id = 0
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): recalc my hash for NAT-D
ISAKMP (0:0): NAT match MINE hash
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): recalc his hash for NAT-D
ISAKMP (0:0): NAT does not match HIS hash
What does 'NAT does not match HIS hash' mean?
02-05-2007 01:46 PM
The hashing value that was calculated between the devices did not match after the NAT-D detection was done.
Is the client connecting from behind a firewall or a NAT device.
If so, do you have NAT-T enabled on the VPN headend device.
Thanks
Gilbert
02-06-2007 01:24 AM
Strange, just re-installed the software on the handheld and it is working fine now!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: