Hi,
I setup xauth in the NS5GT appliance and on the client. I am ablt to connect with the client with success but unable to ping any devices on the LAN via IP or by name - however would like to.
I have both NAT-T and UDP checksum enabled in the VPNs > AutoKey Advanced > Gateway > Edit section
I also tried unchecking them as well.
Firmware version is 5.3.0r4.0 (incase any one needs to know) not certain if that is important.
the internal LAN ip scheme is 192.168.2.0. I used a authIP pool of 192.168.200.X
As mentioend I can authenticate with no issues and I can also see where I attempt to ping the device that it displays in the log:
2009-02-21 16:36:09 192.168.2.200:137 192.168.2.115:137 192.168.2.200:137 192.168.2.115:137 NETBIOS (NS) 204 sec. 3444
As you can see I am trying to ping 192.168.2.115
I feel like I am close. Any suggestions, hints or tips. I would really like to ping the devices by name resolution.
Below is the log of my connection: (not sure how legible it will be since this forum will stripp off the html)
2009-02-21 16:40:52 info IKE<myipscrubbed> Phase 2 msg ID <c5fda546>: Completed negotiations with SPI <b5215a19>, tunnel ID <14>, and lifetime <3600> seconds/<0> KB. 2009-02-21 16:40:52 info IKE<myipscrubbed> Phase 2 msg ID <c5fda546>: Responded to the peer's first message. 2009-02-21 16:40:52 info IKE<myipscrubbed>: XAuth login was passed for gateway <xauthusergate>, username <xauthnamescrubbed>, retry: 0, Client IP Addr<192.168.2.200>, IPPool name:<XAuthIPPOOL>, Session-Timeout:<0s>, Idle-Timeout:<0s>. 2009-02-21 16:40:51 info IKE<myipscrubbed>: XAuth login was refreshed for username <xauthnamescrubbed> at <192.168.2.200/255.255.255.255>. 2009-02-21 16:40:44 info IKE<myipscrubbed>: Received initial contact notification and removed Phase 1 SAs. 2009-02-21 16:40:44 info IKE<myipscrubbed> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime. 2009-02-21 16:40:44 info IKE<myipscrubbed> Phase 1: Completed for user <xauthnamescrubbed>. 2009-02-21 16:40:44 info IKE<myipscrubbed>: Received initial contact notification and removed Phase 2 SAs. 2009-02-21 16:40:44 info IKE<myipscrubbed>: Received a notification message for DOI <1> <24578> <INITIAL-CONTACT>. 2009-02-21 16:40:44 info IKE<myipscrubbed>: Received a notification message for DOI <1> <24577> <REPLAY-STATUS>. 2009-02-21 16:40:44 info IKE<myipscrubbed> Phase 1: IKE responder has detected NAT in front of the remote device. 2009-02-21 16:40:44 info IKE<myipscrubbed> Phase 1: Responder starts AGGRESSIVE mode negotiations.