
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 877 of 2,348   
   Mike Morgan to All   
   ssh not working thru ipsec tunnel   
   03 Apr 04 14:32:20   
   
   From: michaelm@power.net   
      
   Hi,   
      
   We are having a strange problem. About 6 months ago we wanted to connect   
   a Nortel Contivity 1010 behind a Linksys BEFSR41 in order to conserve   
   public IPs. The ipsec tunnel between our local staff office (behind the   
   1010) and main office came up and worked except for one glaring failure   
   - a ssh tunnel between a client on any of the remote staff PCs and a   
   Linux box running Red Hat 7.3 at the main office would open and then   
   hang. You can login and do an ls (for example) and the screen returns   
   only 1/2 of what it should display and then the session dies. All you   
   can do is close the window.   
      
   Remove the Linksys and there were no problems with ssh. I tried to   
   troubleshoot this, but, of course, neither Linksys nor Nortel would   
   support the interaction with the other vendor's equipment. I could find   
   no documentation on this problem. I gave up and bought more IPs for the   
   remote office and put the Linksys and Nortel in parallel.   
      
   Just yesterday we installed a Nortel 1010 at a remote office connected   
   to the Internet by a cable modem and ran into the identical problem.   
   Everything works except ssh which dies after login in the same manner as   
   the Linksys situation mentioned above. EXCEPT there is no Linksys! I   
   talked to the cable ISP, Classic Cable; they claim that they are not   
   blocking any ports or services and they use Cisco routers. We have 1010s   
   at about a dozen other offices connected to the Internet by ADSL (mostly   
   SBC) and ssh works at all of them.   
      
   For the tunnel to work we only need ports 500 and 3478, and AH and ESP   
   services to work. If they were blocking any of these the tunnel would   
   not come up. It does come up and all traffic is routed through the   
   tunnel. I can think of no explanation for the ssh failure. At the remote   
   site we have had to revert to the existing frame relay circuit which   
   costs 7 times as much as the Internet for 1/10th the bandwidth.   
      
   Any help would be appreciated. If you want to reply to me personally   
   please email mike.morgan-at-teampcs.com   
      
   Thanks,   
      
   Mike Morgan   
   Network Administrator   
   PCS   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
