Re: pf scrub max-mss question (solved)

On Tuesday 05 February 2008 07:18:34 Stuart Henderson wrote: > On 2008/02/04 18:12, Richard Green wrote: > > When when two peers on opposite sides of this firewall attempt to > > connect, a TCP SYN packet passes in from peer-1 though one interface, > > with it's MSS field

pf scrub max-mss question

Hi Using OpenBSD as a firewall and NAT box, OpenBSD 4.2: I have this rule: 'scrub in all max-mss 1400' When when two peers on opposite sides of this firewall attempt to connect, a TCP SYN packet passes in from peer-1 though one interface, with it's MSS field set to 1360, through a bi-nat rule

pf scrub max-mss question

Hi Using OpenBSD as a firewall and NAT box, OpenBSD 4.2: I have this rule: 'scrub in all max-mss 1400' When when two peers on opposite sides of this firewall attempt to connect, a TCP SYN packet passes in from peer-1 though one interface, with it's MSS field set to 1360, through a bi-nat rul

Re: 202 days Uptime in OpenBSD 3.6

On Thursday 11 January 2007 20:32, Rod.. Whitworth wrote: > On Thu, 11 Jan 2007 07:57:44 +0100, Rico Secada wrote: > >On Wed, 10 Jan 2007 18:47:38 -0800 > > > >"Greg Thomas" <[EMAIL PROTECTED]> wrote: > >> On 1/10/07, Francisco Valladolid <[EMAIL PROTECTED]> wrote: > >> > I have 202 days using Open

Re: isakmpd to cisco pix

ersion: Cisco PIX Firewall Version 6.3(4)120 > PIX model: Hardware: PIX-515E > > Regards > Richard > > --- Petr Ruzicka <[EMAIL PROTECTED]> wrote: > > two more questions > > - pix version ? > > - is nat in use ? > > > > Petr R. > > > &g

Re: isakmpd to cisco pix

e ? > > Petr R. > > --- Richard Green <[EMAIL PROTECTED]> wrote: > Hi > > Thanks, for your replies. I have some additional > information now - > the cisco config (below) - though it still looks > quite sensibly configured > (to someone who doent know any cisco co

Re: isakmpd to cisco pix

104125.577220 Mesg 70 message_recv: fc674a97 f3c458d9 3bbf6a1d 6f49600a 083ffd4a e4b49605 22ab8a84 1ca344c1 104125.577233 Mesg 70 message_recv: c5f26aed 7ae6a40c b2c76472 5442dd6b d5833588 104125.577244 Default message_recv: invalid cookie(s) 79749cd36d3e79fd 49fdaa7451d1d35a 104125.577256 Default droppe

Re: isakmpd to cisco pix

t; > > > isakmpd -f- -d -L -D0=79 -D1=70 -D2=90 -D3=80 > -D4=99 > > -D5=99 -D6=99 > > -D7=99 -D8=99 -D9=99 > > > > For Phase 2 debugging, pay extra attention to the > > 'SA' debug messages. > > > > Regards, > > > > E

isakmpd to cisco pix

Hi I've been struggling with this one for a while, and would appeciate some advice from someone with more experiece that I on creating VPN tunnel between an OpenBSD (mine) and Cisco PIX (not mine..). Previously I /did/ test this using OpenBSD to OpenBSD in a test environment without problems. Pha