Hello,

  The versions:

Linux Fedora Core 4
kernel version: 2.6.17-1.2142_FC4
ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)

Local Linux IP address 192.168.100/24
   FC_Public_IP_Address
Remote ADSL/VPN adress 192.1689.50.0/24
   ADSL_Public_IP_Address

The VPN connect OK:

---------------------------------------------------------------------------------
INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
INFO: @(#)This product linked OpenSSL 0.9.7f 22 Mar 2005 (http://www.openssl.org/ )
INFO: 212.8.104.244[500] used as isakmp port (fd=6)
INFO: 212.8.104.244[500] used for NAT-T
INFO: respond new phase 1 negotiation: FC_Public_IP_Address[500]<=>ADSL_Public_IP_Address[500]
INFO: begin Identity Protection mode.
INFO: ISAKMP-SA established FC_Public_IP_Address[500]-ADSL_Public_IP_Address[500] spi:fbb1fb2d0a6888f1:a25df03d175fd588
INFO: respond new phase 2 negotiation: FC_Public_IP_Address[500]<=>ADSL_Public_IP_Address[500]
INFO: no policy found, try to generate the policy : 192.168.50.0/24[0] 192.168.100.0/24[0] proto=any dir=in
INFO: IPsec-SA established: ESP/Tunnel ADSL_Public_IP_Address[0]->FC_Public_IP_Address4[0] spi=15009940(0xe50894)
INFO: IPsec-SA established: ESP/Tunnel FC_Public_IP_Address[0]->ADSL_Public_IP_Address5[0] spi=1448309071(0x5653714f)
ERROR: such policy does not already exist: "192.168.50.0/24[0] 192.168.100.0/24[0] proto=any dir=in"
ERROR: such policy does not already exist: "192.168.50.0/24[0] 192.168.100.0/24[0] proto=any dir=fwd"
ERROR: such policy does not already exist: "192.168.100.0/24[0] 192.168.50.0/24[0] proto=any dir=out"
---------------------------------------------------------------------------------


The ADSL/VPN router has a keep alive function that send a ICMP packet to test the VPN this works fine:

-------------------------------------------------------------------------------------------------------------------------
13:38:56.609100 IP 192.168.50.1 > 192.168.100.89: icmp 40: echo request seq 0
13:38:56.609377 IP 192.168.100.89 > 192.168.50.1: icmp 40: echo reply seq 0
-------------------------------------------------------------------------------------------------------------------------

But in not possible to do a ping fron local linux net to ADSL Internal IP 192.168.50.1 tha packet is NATed

---------------------------------------------------
13:44:53.140759 IP FC_Public_IP_Addres > 192.168.50.1: icmp 40: echo request seq 57095
---------------------------------------------------

Which is the problem?

--

SALU2.