https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635733#M193303 <P>We have a few PDA's on trial and am trying the bluefire VPN client. This did work for a while but now it won't connect.</P><P></P><P>The only thing I can see in a isakmp debug is the following -:</P><P></P><P>ISAKMP (0:0): sending NAT-T vendor ID - rev 2 &amp; 3</P><P>ISAKMP (0:0): constructed HIS NAT-D</P><P>ISAKMP (0:0): constructed MINE NAT-D</P><P>ISAKMP (0:0): Detected port floating</P><P>return status is IKMP_NO_ERROR</P><P>crypto_isakmp_process_block:src:*.*.*.*, dest:FIREWALL spt:10587 dpt:4500</P><P>OAK_AG exchange</P><P>ISAKMP (0): processing HASH payload. message ID = 0</P><P>ISAKMP (0): processing NOTIFY payload 24578 protocol 1</P><P> spi 0, message ID = 0</P><P>ISAKMP (0): processing notify INITIAL_CONTACT</P><P>ISADB: reaper checking SA 0x3d1fcf4, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d5ec4c, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d30744, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d2734c, conn_id = 0</P><P>ISAKMP (0:0): Detected NAT-D payload</P><P>ISAKMP (0:0): recalc my hash for NAT-D</P><P>ISAKMP (0:0): NAT match MINE hash</P><P>ISAKMP (0:0): Detected NAT-D payload</P><P>ISAKMP (0:0): recalc his hash for NAT-D</P><P>ISAKMP (0:0): NAT does not match HIS hash</P><P></P><P></P><P>What does 'NAT does not match HIS hash' mean?</P> Fri, 21 Feb 2020 22:51:12 GMT siiiilky 2020-02-21T22:51:12Z https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635733#M193303 <P>We have a few PDA's on trial and am trying the bluefire VPN client. This did work for a while but now it won't connect.</P><P></P><P>The only thing I can see in a isakmp debug is the following -:</P><P></P><P>ISAKMP (0:0): sending NAT-T vendor ID - rev 2 &amp; 3</P><P>ISAKMP (0:0): constructed HIS NAT-D</P><P>ISAKMP (0:0): constructed MINE NAT-D</P><P>ISAKMP (0:0): Detected port floating</P><P>return status is IKMP_NO_ERROR</P><P>crypto_isakmp_process_block:src:*.*.*.*, dest:FIREWALL spt:10587 dpt:4500</P><P>OAK_AG exchange</P><P>ISAKMP (0): processing HASH payload. message ID = 0</P><P>ISAKMP (0): processing NOTIFY payload 24578 protocol 1</P><P> spi 0, message ID = 0</P><P>ISAKMP (0): processing notify INITIAL_CONTACT</P><P>ISADB: reaper checking SA 0x3d1fcf4, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d5ec4c, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d30744, conn_id = 0</P><P>ISADB: reaper checking SA 0x3d2734c, conn_id = 0</P><P>ISAKMP (0:0): Detected NAT-D payload</P><P>ISAKMP (0:0): recalc my hash for NAT-D</P><P>ISAKMP (0:0): NAT match MINE hash</P><P>ISAKMP (0:0): Detected NAT-D payload</P><P>ISAKMP (0:0): recalc his hash for NAT-D</P><P>ISAKMP (0:0): NAT does not match HIS hash</P><P></P><P></P><P>What does 'NAT does not match HIS hash' mean?</P> Fri, 21 Feb 2020 22:51:12 GMT https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635733#M193303 siiiilky 2020-02-21T22:51:12Z https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635734#M193305 <HTML><HEAD></HEAD><BODY><P>The hashing value that was calculated between the devices did not match after the NAT-D detection was done.</P><P></P><P>Is the client connecting from behind a firewall or a NAT device.</P><P></P><P>If so, do you have NAT-T enabled on the VPN headend device.</P><P></P><P>Thanks</P><P>Gilbert</P><P></P><P></P></BODY></HTML> Mon, 05 Feb 2007 21:46:57 GMT https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635734#M193305 ggilbert 2007-02-05T21:46:57Z https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635735#M193309 <HTML><HEAD></HEAD><BODY><P>Strange, just re-installed the software on the handheld and it is working fine now!</P></BODY></HTML> Tue, 06 Feb 2007 09:24:14 GMT https://community.cisco.com/t5/vpn/bluefire-vpn-client-to-pix/m-p/635735#M193309 siiiilky 2007-02-06T09:24:14Z