Subject: 3.1_stable panics with ipnat and isakmp proxy
To: NetBSD Users <netbsd-users@NetBSD.org>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 01/22/2007 18:25:56
Hi,

My firewall...

# uname -a
NetBSD xxx.xxx.xxx 3.1_STABLE NetBSD 3.1_STABLE (GENERIC) #2: Sun Jan 14 16:48:08 EST 2007 louis@xxx.xxx.xxx:/usr/obj/sys/arch/i386/compile/GENERIC i386

# ipf -V
ipf: IP Filter: v4.1.8 (396)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x10a

...panics while an internal user is connected to certain Cisco VPNs. The
ipnat.conf file contains this:

map sip1 192.168.1.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp

... without this line there is no connecting to the VPN in question.

From what I understand, this is actually a misconfiguration on the part
of the VPN administrator, but that shouldn't panic the firewall!!

Also a funny thing happens using the Cisco VPN client. You hit connect
and it doesn't work. Then if you try a second time it works!! This is
true for all VPN connections, even the non-problematic ones.

And the panic is not reliable. It happens only sometimes, but the
backtrace shows that the panic was in ipnat. Unfortunately I don't have
the crash dump because the firewall is net-booted and there is no
dumpdev. Maybe I can copy it down next time this happens.

Any idea how I can troubleshoot/resolve this issue?

Louis