<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>



I set up a scenario  [A]  - - -> [NAT] - - -> [B]<BR>
[A] fedora 17, strongswan 5.0.1, is behind a NAT router (ip 192.168.0.2)<BR>
[NAT] is a linux NAT router (ip 172.16.118.119)<BR>
[B] fedora 17, strongswan 5.0.1, offers virtual ip pool 192.168.56.2/24 (ip 172.16.118.124)<BR>
 <BR>
1. ikev2 and ipsec tunnel were established successfully<BR>
2. ping 192.168.56.1 [B] from 192.168.56.3 [A]<BR>
3. tcpdump on [B] sniffed UDP-encap ESP from [A] -> [B], then it disappeared?<BR>
 <BR>
Is anything misconfigured or missing?<BR>
 <BR>
Thanks,<BR>
HW<BR>
 <BR>
This is the config on [B]:<BR>
Loading conn 'tun1'<br>
  keyexchange=ikev2<br>
  rekeymargin=3m<br>
  authby=pubkey<br>
  keyingtries=1<br>
  mobike=no<br>
  leftsourceip=192.168.56.2/24<br>
  right=172.16.118.124<br>
  rightsubnet=192.168.56.1/24<br>
  leftid=C=te, CN=test<br>
  rightcert=segw.crt<br>
  ikelifetime=86400s<br>
  keylife=86400s<br>
  ike=aes-sha-modp2048<br>
  esp=aes-sha<br>
  auto=add<BR>
 <BR>
tcpdump on [B]:<BR>
14:30:10.930598 IP 172.16.118.119.ipsec-nat-t > 172.16.118.124.ipsec-nat-t: UDP-encap: ESP(spi=0xc70472da,seq=0x65c), length 132<br>
14:30:11.933938 IP 172.16.118.119.ipsec-nat-t > 172.16.118.124.ipsec-nat-t: UDP-encap: ESP(spi=0xc70472da,seq=0x65d), length 132<br>
14:30:12.934316 IP 172.16.118.119.ipsec-nat-t > 172.16.118.124.ipsec-nat-t: UDP-encap: ESP(spi=0xc70472da,seq=0x65e), length 132<br>
14:30:13.936215 IP 172.16.118.119.ipsec-nat-t > 172.16.118.124.ipsec-nat-t: UDP-encap: ESP(spi=0xc70472da,seq=0x65f), length 132<BR>
</div></body>
</html>