IPSEC NAT/BINAT
-
These are the results:
Jul 11 14:47:27 racoon: DEBUG: b0968f73 ba12284f 1d4ae0c3 66cb5aab 08100501 b2a9abed 0000005c b652fb8d 460158da 94a60dd3 1a2efb84 f0dce8de a393485f 1ce55260 0c5932ac b4204104 3bd72844 47b29c7b 360ab30c 38e058e3 1270bcae 0f029f72 24abad4b
Jul 11 14:47:27 racoon: DEBUG: sendto Information notify.
Jul 11 14:47:27 racoon: DEBUG: IV freed
Jul 11 14:47:27 racoon: [MetLife Colombia Colombia]: [200.32.82.AAA] DEBUG: DPD R-U-There sent (0)
Jul 11 14:47:27 racoon: [MetLife Colombia Colombia]: [200.32.82.AAA] DEBUG: rescheduling send_r_u (5).
Jul 11 14:47:27 racoon: DEBUG: ===
Jul 11 14:47:27 racoon: DEBUG: 84 bytes message received from 200.32.82.AAA[500] to 190.85.197.XXX[500]
Jul 11 14:47:27 racoon: DEBUG: b0968f73 ba12284f 1d4ae0c3 66cb5aab 08100501 a3c0a686 00000054 1aa5f1da 52a6a444 fdebab95 6fbd8fc1 266b4c18 8d5b8987 d8a55da0 f6374552 e360d812 8b112220 c44ab5bd 818fc8ab c971ece9 b218cfeb
Jul 11 14:47:27 racoon: DEBUG: receive Information.
Jul 11 14:47:27 racoon: DEBUG: compute IV for phase2
Jul 11 14:47:27 racoon: DEBUG: phase1 last IV:
Jul 11 14:47:27 racoon: DEBUG: b9f7ac2d da76534c a3c0a686
Jul 11 14:47:27 racoon: DEBUG: hash(sha1)
Jul 11 14:47:27 racoon: DEBUG: encryption(3des)
Jul 11 14:47:27 racoon: DEBUG: phase2 IV computed:
Jul 11 14:47:27 racoon: DEBUG: 8fa2b9eb 391c6bec
Jul 11 14:47:27 racoon: DEBUG: begin decryption.
Jul 11 14:47:27 racoon: DEBUG: encryption(3des)
Jul 11 14:47:27 racoon: DEBUG: IV was saved for next processing:
Jul 11 14:47:27 racoon: DEBUG: c971ece9 b218cfeb
Jul 11 14:47:27 racoon: DEBUG: encryption(3des)
Jul 11 14:47:27 racoon: DEBUG: with key:
Jul 11 14:47:27 racoon: DEBUG: 91abe98d 3d3cb900 7ad62da2 5c80467a d746b625 ff39e30b
Jul 11 14:47:27 racoon: DEBUG: decrypted payload by IV:
Jul 11 14:47:27 racoon: DEBUG: 8fa2b9eb 391c6bec
Jul 11 14:47:27 racoon: DEBUG: decrypted payload, but not trimed.
Jul 11 14:47:27 racoon: DEBUG: 0b000018 4ddd4dbe 707b34df c9c829b8 5e0a9b97 3df6ca70 00000020 00000001 01108d29 b0968f73 ba12284f 1d4ae0c3 66cb5aab 000001b2
Jul 11 14:47:27 racoon: DEBUG: padding len=179
Jul 11 14:47:27 racoon: DEBUG: skip to trim padding.
Jul 11 14:47:27 racoon: DEBUG: decrypted.
Jul 11 14:47:27 racoon: DEBUG: b0968f73 ba12284f 1d4ae0c3 66cb5aab 08100501 a3c0a686 00000054 0b000018 4ddd4dbe 707b34df c9c829b8 5e0a9b97 3df6ca70 00000020 00000001 01108d29 b0968f73 ba12284f 1d4ae0c3 66cb5aab 000001b2
Jul 11 14:47:27 racoon: DEBUG: IV freed
Jul 11 14:47:27 racoon: DEBUG: HASH with:
Jul 11 14:47:27 racoon: DEBUG: a3c0a686 00000020 00000001 01108d29 b0968f73 ba12284f 1d4ae0c3 66cb5aab 000001b2
Jul 11 14:47:27 racoon: DEBUG: hmac(hmac_sha1)
Jul 11 14:47:27 racoon: DEBUG: HASH computed:
Jul 11 14:47:27 racoon: DEBUG: 4ddd4dbe 707b34df c9c829b8 5e0a9b97 3df6ca70
Jul 11 14:47:27 racoon: DEBUG: hash validated.
Jul 11 14:47:27 racoon: DEBUG: begin.
Jul 11 14:47:27 racoon: DEBUG: seen nptype=8(hash)
Jul 11 14:47:27 racoon: DEBUG: seen nptype=11(notify)
Jul 11 14:47:27 racoon: DEBUG: succeed.
Jul 11 14:47:27 racoon: [MetLife Colombia Colombia]: [200.32.82.AAA] DEBUG: DPD R-U-There-Ack received
Jul 11 14:47:27 racoon: [MetLife Colombia Colombia]: [200.32.82.AAA] DEBUG: received an R-U-THERE-ACK
-
Unfortunately, that only seems to report the establishment of the tunnel. Did you try pinging to see whether the racoon debug says anything more?
If there are doubts about whether NAT/BINAT is working properly, I suggest you put together a temporary setup with a LAN that has the mask 28 range your provider is asking you for, and test.
That would be the way to check that IPsec works for you under "normal" conditions, without NAT/BINAT.
-
The debug I sent you was generated while I had a sustained ping running to the destination IP, but nothing shows up in it, so I will emulate a network with the one the provider is asking me for and let you know.