Re: **VPN no echo reply**

From: Abraham Iglesias (abraham.iglesiasgenaker.net)
Date: Mon Nov 08 2004 - 07:42:02 CST


I use tcpdump:
#tcpdump -ni fxp0 esp

and I can see the encapsulated packets (esp) from srcIPaddress ->
dstIPaddress, but no packet coming in.

Moreover, I can see with netstat that the number of output ESP packets
increases. However, I cannot see input ESP packets. I am almost sure
that the problem is a problem of routing on the other side... but the
gwB is managed by another company. I have requested some logs, but they
do not give me any feedback but saying: "everything is well configurated
on this side"

Besides, in /kern/ipsec I can see that there is only one SA processing
bytes (the SA corresponding to gwA -> gwB), the other SA has 0 bytes
processed.

Thanks for your help...

/bram

P.S.: I am used to working with ethereal, but it requires X... I am kinda
newbie ... would it be time-expensive to install X?

Hakan Olsson wrote:

> On Mon, 8 Nov 2004, Abraham Iglesias wrote:
> ...
>
>> I have my filter turned off, and the gwB filter pings to the external
>> interface (gwB Ip address). Is it possible that the gwB filters the
>> pings to the 10.10.28.31 machine?
>
>
> Are you able to check the traffic on the other side of gwB? I.e.
> cleartext ECHO_REQUEST plus cleartext ECHO_REPLY back?
>
> This does sound like a routing problem. Does 10.10.28.31 use gwB as
> its default gateway, or at the very least, route net-A via gwB?
>
> Additionally, you may want to check 'netstat -p esp -ss' on gwA
> and note the incoming byte/packet counters. If these do not increase,
> gwA does not see any encrypted (response) packets from gwB.
>
> tcpdump, ethereal etc are your friends here. :)
>
> /H
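
The counter comparison discussed in this thread (output ESP packets increasing while input ESP packets stay flat), as an added example that is not part of either message. The function names and the sample snapshots are constructed, and the counter line format ("N input ESP packets" / "N output ESP packets") is an assumption based on the wording used above.

```shell
#!/bin/sh
# Added example: classify ESP flow on gwA from two counter snapshots taken
# before and after a test ping through the tunnel.
# Assumed line format: "<count> input ESP packets" / "<count> output ESP packets";
# adjust the awk pattern if your netstat prints the counters differently.

# esp_count SNAPSHOT DIRECTION -> prints the counter (0 if the line is absent)
esp_count() {
    printf '%s\n' "$1" | awk -v dir="$2" '
        $2 == dir && $3 == "ESP" && $4 == "packets" { n = $1 }
        END { print n + 0 }'
}

# esp_verdict BEFORE AFTER -> prints one of:
#   idle         no ESP sent or received between the snapshots
#   one-way-out  requests leave encrypted, no encrypted reply arrives
#   one-way-in   ESP arrives but nothing is sent back
#   two-way      ESP flows in both directions
esp_verdict() {
    d_out=$(( $(esp_count "$2" output) - $(esp_count "$1" output) ))
    d_in=$(( $(esp_count "$2" input) - $(esp_count "$1" input) ))
    if [ "$d_out" -gt 0 ] && [ "$d_in" -eq 0 ]; then
        echo one-way-out
    elif [ "$d_out" -eq 0 ] && [ "$d_in" -gt 0 ]; then
        echo one-way-in
    elif [ "$d_out" -gt 0 ] && [ "$d_in" -gt 0 ]; then
        echo two-way
    else
        echo idle
    fi
}

# Constructed sample snapshots (not taken from the thread): four echo
# requests were sent through the tunnel between the two readings.
BEFORE='esp:
	12 input ESP packets
	40 output ESP packets'
AFTER='esp:
	12 input ESP packets
	44 output ESP packets'

esp_verdict "$BEFORE" "$AFTER"
```

A one-way-out verdict on gwA matches the situation described in the thread: gwA encrypts and sends, but no ESP from gwB reaches it, so the return path (routing or filtering on the gwB side) is the place to look.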