[Swan-dev] Cisco NATT bug

Paul Wouters paul at nohats.ca
Sat Mar 8 12:49:08 EET 2014


On Mon, 24 Feb 2014, Philippe Vouters wrote:

I've talked to some people about the Cisco NAT-T issue. It is a known bug
in older firmware. The bad firmware uses the draft NATT for one payload
(NATD I believe) and the RFC version for the second payload (NATOA). This is
why suppressing the RFC VID works around this issue, because then both
sides use the draft NATT numbers.

One workaround is to not show the RFC NATT VID when we see the Cisco
VID, and rely on the draft VIDs for Cisco. Then we would not have to
add a configuration option. But we would be stuck forever with draft
codes. Perhaps it is possible to just emulate their bug when we see it
happening.

Paul
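
The mixed numbering described in the message above, as an added example that is not part of the original post and not libreswan's code: a check that flags a peer whose NAT-D and NAT-OA payloads use different numbering. The payload type values (20/21 from RFC 3947, 130/131 from the later NAT-T drafts), the names and the sample payload lists are supplied here as assumptions and are not taken from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IKEv1 NAT-T payload type numbers: RFC 3947 assigns 20/21, the later
 * draft-ietf-ipsec-nat-t-ike versions used private-use values 130/131. */
enum { NATD_RFC = 20, NATOA_RFC = 21, NATD_DRAFT = 130, NATOA_DRAFT = 131 };

enum natt_style { NATT_NONE, NATT_RFC, NATT_DRAFT, NATT_MIXED };

/* Classify the numbering a peer used, given the payload types seen from
 * it across the exchange (NAT-D in phase 1, NAT-OA in phase 2). */
enum natt_style classify_natt(const uint8_t *types, size_t n)
{
    int rfc = 0, draft = 0;

    for (size_t i = 0; i < n; i++) {
        switch (types[i]) {
        case NATD_RFC:   case NATOA_RFC:   rfc = 1;   break;
        case NATD_DRAFT: case NATOA_DRAFT: draft = 1; break;
        default: break; /* SA, KE, Nonce, ID, HASH, ... are ignored */
        }
    }
    if (rfc && draft)
        return NATT_MIXED; /* the inconsistent peer described above */
    if (rfc)
        return NATT_RFC;
    return draft ? NATT_DRAFT : NATT_NONE;
}

/* Constructed samples: payload types received from one peer. */
static const uint8_t sample_mixed[] = { 4, 10, 130, 130, 8, 1, 10, 5, 5, 21 };
static const uint8_t sample_rfc[]   = { 4, 10, 20, 20, 8, 1, 10, 5, 5, 21 };
static const uint8_t sample_draft[] = { 4, 10, 130, 130, 8, 1, 10, 5, 5, 131 };

int main(void)
{
    static const char *const name[] = { "none", "rfc", "draft", "mixed" };

    printf("mixed sample: %s\n", name[classify_natt(sample_mixed, sizeof sample_mixed)]);
    printf("rfc sample:   %s\n", name[classify_natt(sample_rfc, sizeof sample_rfc)]);
    printf("draft sample: %s\n", name[classify_natt(sample_draft, sizeof sample_draft)]);
    return 0;
}
```
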

