Search queries

php save mails as eml, WWWXXXAPC, sqlexpress database file auto-creation error, sqlexpress database file auto-creation error, dbf2mysql parameter, wwwxxxAPC, How to unsubscrube from dategen spam, docmd.close 2585, WWWXXXDOCO, nu vot

Links

XODOX
Impressum

#1: VPN Client behind firewall

Posted on 2005-05-09 07:56:53 by vinod

Hi,

I am trying to connect to the cisco VPN server from my network which
has linux firewall and windows 2000 systems. I have installed the Cisco
VPN Client on one of the windows 2000 pro system and trying to connect
and I am not able to connect with the error "Secure VPN Connection
terminated localy by the client Reason 412: The remote peer is no
longer responding"

When i went through some document in the net they say that

UDP port 500
UDP port 10000 (or any other port number being used for IPSec/UDP)
IP protocol 50 (ESP)
TCP port configured for IPSec/TCP
NAT-T port 4500

Should be open

I am not soo good at IPtables. Can any one tell me how to open this
ports in the iptables so that i can dial my vpn client

Plzz some one help me on this issue

Regards

Vinod

Report this message

#2: Re: VPN Client behind firewall

Posted on 2005-05-09 18:12:59 by roberson

In article <1115618213.404115.144680@z14g2000cwz.googlegroups.com>,
Vinod <vinwin@gmail.com> wrote:
:I am trying to connect to the cisco VPN server from my network which
:has linux firewall and windows 2000 systems.

:When i went through some document in the net they say that

:UDP port 500

Yes, always needed.

:UDP port 10000 (or any other port number being used for IPSec/UDP)

That's obsolete, ignore that one.

:IP protocol 50 (ESP)

That is used if NAT-T is not in effect, or if it is and the systems
discover that NAT-T is not needed. Or to phrase it another way,
traditionally you -always- needed IP protocol 50, but if you have NAT-T
turned on and it figures you need NAT-T then it will use a UDP port
instead.

:TCP port configured for IPSec/TCP

IPSec does not need any TCP ports in any Cisco implementation that I
know of.

:NAT-T port 4500

NAT-T negotiations are on UDP port 4500. If NAT-T is turned on,
the sequence is UDP 500, then UDP 4500, and then either ESP -or- a
negotiated UDP port.

When NAT-T is on and is negotiated, the dynamic UDP port used is
a -source- port, with the destination port always being UDP 4500
[and in this case ESP is not used.] This applies both ways:
one end will send to UDP 4500 of the other, and the other will
send to UDP 4500 of the first.

Sorry, I can't help with the iptables part.
--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec

Report this message

#3: Re: VPN Client behind firewall

Posted on 2005-05-10 23:33:21 by Wolfgang Kueter

Walter Roberson wrote:

> In article <1115618213.404115.144680@z14g2000cwz.googlegroups.com>,
> Vinod <vinwin@gmail.com> wrote:
> :I am trying to connect to the cisco VPN server from my network which
> :has linux firewall and windows 2000 systems.

> [good explanation deleted]
>
> Sorry, I can't help with the iptables part.

Watching the logfile and reading the iptables docmentation should help.

;-)

Apart from that I'd recommend for that scenario to forget using the
Cisco VPN client behind the Linux NAT box but to build a site to site VPN
between the Cisco and the Linux box instead unsing OpenSwan on the Linux
side.

Wolfgang

Report this message

« Pulling down the red interface

Index

Port 110 »