I have solved the problem with the config value 'NAT Traversal Mode' set
to 'force-natt' instead of 'cisco-udp'. This gives now on TCPDUMP level:
06:26:31.534700 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x404), length 84
06:26:31.586589 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xa9e), length 92
06:26:31.604083 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xa9f), length 84
06:26:32.581545 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x405), length 84
06:26:32.593565 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x406), length 84
06:26:32.631505 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xaa0), length 92
with 'cisco-udp' only ESP(spi=0x52562da2,seq=0x405) was sent, without any answers.
Der Wolf ist tot! Der Wolf ist tot! :-)
(this is from an old German fairy tale)
matthias
--
Matthias Apitz, ? guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: ???????? ????????????! Thank you very much, Russian liberators!
to 'force-natt' instead of 'cisco-udp'. This gives now on TCPDUMP level:
06:26:31.534700 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x404), length 84
06:26:31.586589 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xa9e), length 92
06:26:31.604083 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xa9f), length 84
06:26:32.581545 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x405), length 84
06:26:32.593565 IP 192.168.2.100.4500 > 132.174.XXX.XX.4500: UDP-encap: ESP(spi=0x52562da2,seq=0x406), length 84
06:26:32.631505 IP 132.174.XXX.XX.4500 > 192.168.2.100.4500: UDP-encap: ESP(spi=0x63abc09b,seq=0xaa0), length 92
with 'cisco-udp' only ESP(spi=0x52562da2,seq=0x405) was sent, without any answers.
Der Wolf ist tot! Der Wolf ist tot! :-)
(this is from an old German fairy tale)
matthias
--
Matthias Apitz, ? guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May, 9: ???????? ????????????! Thank you very much, Russian liberators!