Thursday, July 2, 2015

macosx ipsec client nat-keepalive validation

You can take a packet capture of traffic from  your macosx client, and by reviewing the timestamps you can check and validate the keepalive intervals for NAT-T.

In this example, my vpn-concentrator is located at & the macosx client KAs are at a 20sec interval.

The KAs will ensure the firewall doesn't close the UDP sessions from the connections and/or nat-transaction tables.

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       /  \

No comments:

Post a Comment