I assume when you tested without the Snapgear, the public IP was on your Ubuntu box.
The 'problem' is NAT-T (NAT traversal).
KB62315 in our knowledge base will give you an understanding of NAT-T.
Basically, you will need to use aggressive mode rather than main mode, and use some form of ID (possibly in email format) other than the public IP, which resides on the Snapgear.
Google seems to show a number of useful links when searching for 'vpnc nat traversal'.
Hope this helps.
Actually, when I removed the Snapgear I configured the Billion modem to do the PPPoE connection, which means the modem had the public IP address. My Ubuntu box received a LAN IP address (192.168.x.x/24) from the Billion. Therefore the Billion modem was also doing NAT. I could use the vpnc client successfully in this setup.
When the Snapgear is in place I had the Billion modem in bridge mode, which means the Snapgear was doing the PPPoE connection and receiving the public IP address. The Snapgear was also doing NAT. With this configuration I could not get the vpnc client on my Ubuntu box to work at all. Funny thing is that there are no logs on the Snapgear relating to the IPsec traffic either.
I am not sure what you mean by "aggressive mode" but I will look at the article you mentioned.
I finally got this solved, and it turns out that the vpnc client needed another parameter added to the configuration file in /etc/vpnc.conf.
I added the following line (0 is a zero):
Local Port 0
What this does is force the vpnc client to randomly choose a port for the ISAKMP port number. If you do not add this line then the default port is 500.
BTW the vpnc client supports aggressive mode only.
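
The effect of the `Local Port 0` line described above, as an added example that is not part of the original posts or of vpnc itself: it reads the setting from a constructed config and binds a UDP socket the same way, showing that port 0 makes the OS assign the source port. The parser is a simplified assumption about the file format, and the gateway, ID and secret values are placeholders.

```python
import socket

# Default ISAKMP source port when "Local Port" is absent, as stated in the post above.
ISAKMP_DEFAULT_PORT = 500

# Constructed sample config; gateway, ID and secret are placeholders.
SAMPLE_CONF = """\
IPSec gateway vpn.example.com
IPSec ID examplegroup
IPSec secret PLACEHOLDER
# 0 = do not pin the ISAKMP source port to 500
Local Port 0
"""

def configured_local_port(conf_text):
    """Return the 'Local Port' value from vpnc.conf-style text, or 500 if unset."""
    port = ISAKMP_DEFAULT_PORT
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines (simplified parsing)
        if line.startswith("Local Port"):
            value = line[len("Local Port"):].strip()
            if not value.isdigit() or int(value) > 65535:
                raise ValueError(f"invalid Local Port value: {value!r}")
            port = int(value)  # last occurrence wins in this sketch
    return port

def bound_source_port(local_port):
    """Bind a UDP socket to local_port and return the port the OS actually gave it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # Port 0 asks the OS for an unused ephemeral port; a fixed port is used as-is
        # (binding to ports below 1024 normally requires root).
        s.bind(("127.0.0.1", local_port))
        return s.getsockname()[1]

if __name__ == "__main__":
    port = configured_local_port(SAMPLE_CONF)
    print("configured Local Port:", port)
    print("source port actually used:", bound_source_port(port))
```
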