Subject: Re: 3.1_stable panics with ipnat and isakmp proxy
To: Matthias Scheler <tron@zhadum.org.uk>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 01/30/2007 17:11:10
Matthias Scheler wrote:
> On Mon, Jan 22, 2007 at 06:25:56PM -0500, Louis Guillaume wrote:
>> ipnat.conf file contains this:
>>
>> map sip1 192.168.1.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
>>
>> ... without this line there is no connecting to the VPN in question.
> 
> Are you sure about that? Cisco VPN clients usually support NAT-T (RFC 3948)
> which encapsulates all IPsec traffic in UDP. They don't need any
> "VPN passthrough" support in the NAT router.
> 
> I would recommend to check the configuration of the Cisco VPN client
> and enable UDP tunneling.
> 
> BTW: would you please nevertheless submit a bug report with "send-pr"
>      because of the kernel panic?
> 
> 	Kind regards
> 


Wow! what an improvement. I took the proxy out of my NAT rules and now
everything works beautifully.

The only reason I put that proxy in was for a client's VPN that was
suspected to be mis-configured (it didn't work from behind NAT-ed
firewalls). The proxy fixed that problem, but it seems to have caused others.

I will send-pr. Thanks!

Louis