Thursday, June 24, 2004
IPSEC rant
Note to self: When building complex VMware labs to model unusual network topologies for IPSEC VPNs using X.509 certificate authentication, shutdown and reboot rather than suspend and resume VPN gateways. Their clocks tend to get stuck in the past and certificates that are seemingly issued in the future don’t work too well.
Apropos, before poring over IPSEC logs to pin-point an annoying problem, double-check the firewall and NAT configuration first.