local host is behind NAT, sending keep alives

Started by Isabella Borgward, December 16, 2024, 02:35:00 PM

How is "local host is behind NAT, sending keep alives" determined? Is it due to what the far-end says ["you are behind NAT"], or is it some other heuristic? I am seeing it in a scenario where there is definitely no NAT at my end ["local host"] and almost certainly not at the far end.

In this dialogue we can see that we start on 500 and jump to 4500.
In particular this line: "parsed IKE_SA_INIT response 0 [ SA KE No V V N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]". Is this the far end telling me that NAT has been detected? Because the next packet I send is sent to/from 4500. But I am sure no NAT is in use here.

14[ENC1] <the uuid|1> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
14[NET1] <the uuid|1> sending packet: from 203.0.113.158[500] to 109.104.97.188[500] (336 bytes)
03[NET2] sending packet: from 203.0.113.158[500] to 198.51.100.188[500]
02[NET2] received packet: from 198.51.100.188[500] to 203.0.113.158[500]
02[NET2] waiting for data on sockets
12[NET1] <the uuid|1> received packet: from 198.51.100.188[500] to 149.106.180.158[500] (446 bytes)
12[ENC1] <the uuid|1> parsed IKE_SA_INIT response 0 [ SA KE No V V N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
12[IKE1] <the uuid|1> received Cisco Delete Reason vendor ID
12[IKE1] <the uuid|1> received Cisco Copyright (c) 2009 vendor ID
12[IKE1] <the uuid|1> received FRAGMENTATION vendor ID
12[IKE2] <the uuid|1> received FRAGMENTATION_SUPPORTED notify
12[CFG1] <the uuid|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
12[IKE1] <the uuid|1> local host is behind NAT, sending keep alives
12[IKE2] <the uuid|1> reinitiating already active tasks
12[IKE2] <the uuid|1>   IKE_CERT_PRE task
12[IKE2] <the uuid|1>   IKE_AUTH task
12[IKE1] <the uuid|1> authentication of '203.0.113.158' (myself) with pre-shared key
12[IKE2] <the uuid|1> successfully created shared key MAC
12[IKE0] <the uuid|1> establishing CHILD_SA c942748f-a0ff-403f-8539-5a2fc2ba54f2{2}
12[ENC1] <the uuid|1> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
12[NET1] <the uuid|1> sending packet: from 203.0.113.158[4500] to 109.104.97.188[4500] (268 bytes)
03[NET2] sending packet: from 203.0.113.158[4500] to 198.51.100.188[4500]
02[NET2] received packet: from 198.51.100.188[4500] to 203.0.113.158[4500]
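
How an IKEv2 peer evaluates the N(NATD_S_IP) and N(NATD_D_IP) notifies that appear in the log above, following RFC 7296 section 2.23. This is an added example, not part of the original post and not strongSwan's code; the SPI values, the translated address 192.0.2.10 and all function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (not taken from the log above).
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes.fromhex("99aabbccddeeff00")
INITIATOR = ("203.0.113.158", 500)
RESPONDER = ("198.51.100.188", 500)
TRANSLATED = ("192.0.2.10", 1024)  # hypothetical address after a NAT


def natd_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296, section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_notifies(spi_i, spi_r, own, peer_as_seen):
    """Sender side: hashes of its own endpoint and of the endpoint it sends to."""
    natd_s = [natd_hash(spi_i, spi_r, *own)]  # a sender may include several
    natd_d = natd_hash(spi_i, spi_r, *peer_as_seen)
    return natd_s, natd_d


def detect_nat(spi_i, spi_r, natd_s, natd_d, pkt_src, pkt_dst):
    """Receiver side: compare the notifies with the packet as it arrived.

    pkt_src / pkt_dst are (ip, port) from the received IP/UDP headers.
    Returns (local_behind_nat, remote_behind_nat).
    """
    remote_nat = natd_hash(spi_i, spi_r, *pkt_src) not in natd_s
    local_nat = natd_hash(spi_i, spi_r, *pkt_dst) != natd_d
    return local_nat, remote_nat


if __name__ == "__main__":
    # Responder saw the request arrive from the initiator's real address.
    s, d = build_notifies(SPI_I, SPI_R, RESPONDER, INITIATOR)
    print("no NAT:   ", detect_nat(SPI_I, SPI_R, s, d, RESPONDER, INITIATOR))
    # Responder saw the request arrive from a translated address instead.
    s, d = build_notifies(SPI_I, SPI_R, RESPONDER, TRANSLATED)
    print("local NAT:", detect_nat(SPI_I, SPI_R, s, d, RESPONDER, INITIATOR))
```

Under this scheme the receiver reaches the verdict itself: the peer only sends hashes of the addresses and ports it used, and a mismatch between the NATD_D_IP hash and the address on which the packet arrived locally is what marks the local host as behind NAT.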