02-05-2007 03:39 AM - edited 02-21-2020 02:51 PM
We have a few PDA's on trial and am trying the bluefire VPN client. This did work for a while but now it won't connect.
The only thing I can see in a isakmp debug is the following -:
ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
ISAKMP (0:0): constructed HIS NAT-D
ISAKMP (0:0): constructed MINE NAT-D
ISAKMP (0:0): Detected port floating
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:*.*.*.*, dest:FIREWALL spt:10587 dpt:4500
OAK_AG exchange
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
spi 0, message ID = 0
ISAKMP (0): processing notify INITIAL_CONTACT
ISADB: reaper checking SA 0x3d1fcf4, conn_id = 0
ISADB: reaper checking SA 0x3d5ec4c, conn_id = 0
ISADB: reaper checking SA 0x3d30744, conn_id = 0
ISADB: reaper checking SA 0x3d2734c, conn_id = 0
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): recalc my hash for NAT-D
ISAKMP (0:0): NAT match MINE hash
ISAKMP (0:0): Detected NAT-D payload
ISAKMP (0:0): recalc his hash for NAT-D
ISAKMP (0:0): NAT does not match HIS hash
What does 'NAT does not match HIS hash' mean?
02-05-2007 01:46 PM
The hashing value that was calculated between the devices did not match after the NAT-D detection was done.
Is the client connecting from behind a firewall or a NAT device.
If so, do you have NAT-T enabled on the VPN headend device.
Thanks
Gilbert
02-06-2007 01:24 AM
Strange, just re-installed the software on the handheld and it is working fine now!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide