following scenario:

        |
        | LAN A
        |
.-------+-------.
|  Firewall A   |
|      and      |
| VPN-gateway A |
+-------+-------+
        |\
        | \
        | public IP A
        |
====== inet ======
        |
        | public IP B
        |/
  .-----+------.
  | Firewall B |
  +-----+------+
        |
        | NAT public IP B <-> private IP B
        |
        | private IP B
        |/
.-------+-------.
| VPN-Gateway B |
+-------+-------+
        |
        | LAN B
        |
Now the situation: establishing a VPN connection between LAN A and LAN B works fine. I have been running this scenario for nearly four years. Since release 3.5 the problem occurs that the tunnel on gateway B (the NATted one behind the separate firewall) falls down. A 'netstat -rnf encap' then shows

Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)

and no ping comes through although isakmpd is still running! I run a script every 3 minutes that in such a case kills isakmpd and restarts it. The failing of the tunnels happens with NAT-T activated as well as without.

Does that have something to do with any lifetime settings? I don't yet wanna bother you with my isakmpd.conf, but I will post it if wished. Is there anyone who has experienced the same or has a clue about that?

TIA

--
tobias