Thursday, July 2, 2015

macosx ipsec client nat-keepalive validation

You can take a packet capture of the traffic from your Mac OS X client and, by reviewing the timestamps, check and validate the keepalive intervals for NAT-T.

In this example, my VPN concentrator is located at 192.0.2.1 and the Mac OS X client sends its keepalives (KAs) at a 20-second interval.



The KAs ensure that the firewall doesn't age the UDP sessions out of its connection and/or NAT translation tables.
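As an added example (not from the original post), this Python script measures the keepalive gaps from text in the style of `tcpdump -n -tt udp port 4500` output. The sample lines and the client address 10.0.0.5 are constructed, and the one-byte NAT-T keepalive is assumed to be labelled `isakmp-nat-keep-alive`, as tcpdump prints it.

```python
import re

# Constructed sample in the style of `tcpdump -n -tt udp port 4500` output.
# 10.0.0.5 is a made-up client address; 192.0.2.1 is the concentrator from the post.
SAMPLE_CAPTURE = """\
1435838400.102311 IP 10.0.0.5.4500 > 192.0.2.1.4500: isakmp-nat-keep-alive
1435838405.550012 IP 10.0.0.5.4500 > 192.0.2.1.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x2a), length 100
1435838420.104870 IP 10.0.0.5.4500 > 192.0.2.1.4500: isakmp-nat-keep-alive
1435838440.101954 IP 10.0.0.5.4500 > 192.0.2.1.4500: isakmp-nat-keep-alive
1435838460.107420 IP 10.0.0.5.4500 > 192.0.2.1.4500: isakmp-nat-keep-alive
"""

# timestamp, source IP (port stripped), destination IP on UDP/4500, decoded payload
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.4500: (?P<rest>.*)$"
)


def keepalive_times(capture, concentrator):
    """Timestamps of NAT-T keepalives sent towards the concentrator.

    ESP-in-UDP and IKE packets on the same port are skipped, so only
    the keepalive cadence is measured.
    """
    times = []
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["dst"] == concentrator and m["rest"].startswith("isakmp-nat-keep-alive"):
            times.append(float(m["ts"]))
    return times


def intervals(times):
    """Gaps in seconds between consecutive keepalives."""
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


def out_of_tolerance(gaps, expected=20.0, tolerance=1.0):
    """Gaps that differ from the expected interval by more than the tolerance."""
    return [g for g in gaps if abs(g - expected) > tolerance]


if __name__ == "__main__":
    gaps = intervals(keepalive_times(SAMPLE_CAPTURE, "192.0.2.1"))
    print("keepalive gaps (s):", gaps)
    print("outside 20s +/- 1s:", out_of_tolerance(gaps))
```

Compare the measured gap with the UDP idle timeout on the firewall or NAT device in the path: the keepalive interval has to be shorter than that timeout for the mapping to stay open.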


Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
        o 
       /  \
