I set up a profile and connected to VIA using the internal network to make sure there was no firewall in the way. These are the results; we are using 4500 now, but it still appears traffic is only going one way? Or maybe I am reading the output wrong.
Source IP       Destination IP  Prot SPort DPort Cntr     Prio ToS Age Destination TAge Packets   Bytes     Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
10.30.42.17     10.31.38.40     17   4500  56319 0/0      0    0   4   pc3         af   8         1268      F
10.31.38.40     10.30.42.17     17   56319 4500  0/0      0    0   0   pc3         af   16625     2635078   FC
ike-scan --nat-t --dport=4500 --verbose hostname
DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
10.30.42.17 Main Mode Handshake returned HDR=(CKY-R=114c5f1e619f2049) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080) VID=4485152d18b6bbcd0be8a8469579ddcc (draft-ietf-ipsec-nat-t-ike-00) VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02) VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
Ending ike-scan 1.9: 1 hosts scanned in 1.061 seconds (0.94 hosts/sec). 1 returned handshake; 0 returned notify
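As an added example (not part of the original post), here is a small Python script that parses a session table like the one pasted above, pairs each flow with its reverse direction, and reports the packet count seen in each direction, so a genuinely one-way session (reverse row missing or carrying zero packets) stands out from a merely asymmetric one. The column layout is assumed to match the pasted output; the embedded sample rows are a constructed copy of it.

```python
"""Pair both directions of each session in a datapath-style session table."""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto sport dport packets bytes flags")

# Constructed sample: the two UDP/4500 (NAT-T) rows from the post, plus one
# made-up row with no reverse entry to show what a one-way session looks like.
SESSION_TABLE = """\
Source IP       Destination IP  Prot SPort DPort Cntr     Prio ToS Age Destination TAge Packets   Bytes     Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
10.30.42.17     10.31.38.40     17   4500  56319 0/0      0    0   4   pc3         af   8         1268      F
10.31.38.40     10.30.42.17     17   56319 4500  0/0      0    0   0   pc3         af   16625     2635078   FC
10.31.38.41     10.30.42.17     17   50000 4500  0/0      0    0   0   pc3         af   12        1900      C
"""

def parse_sessions(text):
    """Return a Flow per data row; header, dashed rule and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 13 or not f[0][0].isdigit():
            continue
        flags = f[13] if len(f) > 13 else ""   # Flags column may be empty
        flows.append(Flow(f[0], f[1], int(f[2]), int(f[3]), int(f[4]),
                          int(f[11]), int(f[12]), flags))
    return flows

def pair_directions(flows):
    """Key each flow by its 5-tuple and look up the mirrored 5-tuple as its reverse."""
    by_key = {(f.src, f.dst, f.proto, f.sport, f.dport): f for f in flows}
    report = {}
    for key, fwd in by_key.items():
        rev_key = (key[1], key[0], key[2], key[4], key[3])
        if rev_key in report:            # already reported from the other side
            continue
        rev = by_key.get(rev_key)
        report[key] = {
            "forward_packets": fwd.packets,
            "reverse_packets": rev.packets if rev else 0,
            "bidirectional": rev is not None and fwd.packets > 0 and rev.packets > 0,
            "flags": (fwd.flags, rev.flags if rev else None),
        }
    return report

def one_way_sessions(report):
    """5-tuples for which packets were only ever seen in one direction."""
    return [k for k, v in report.items() if not v["bidirectional"]]

if __name__ == "__main__":
    for key, info in pair_directions(parse_sessions(SESSION_TABLE)).items():
        print(key, info)
```

Run against the two rows from the post, the 4500<->56319 session is reported as bidirectional (8 packets one way, 16625 the other), while the constructed third row is listed as one-way.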