#1: VPN Client behind firewall

Posted on 2005-05-09 07:56:53 by vinod

Hi,


I am trying to connect to the cisco VPN server from my network which
has linux firewall and windows 2000 systems. I have installed the Cisco
VPN Client on one of the windows 2000 pro system and trying to connect
and I am not able to connect with the error "Secure VPN Connection
terminated locally by the client Reason 412: The remote peer is no
longer responding"


When I went through some documents on the net, they say that


UDP port 500
UDP port 10000 (or any other port number being used for IPSec/UDP)
IP protocol 50 (ESP)
TCP port configured for IPSec/TCP
NAT-T port 4500


Should be open


I am not so good at iptables. Can anyone tell me how to open these
ports in iptables so that I can dial my VPN client


Plzz someone help me on this issue


Regards


Vinod


#2: Re: VPN Client behind firewall

Posted on 2005-05-09 18:12:59 by roberson

In article <1115618213.404115.144680@z14g2000cwz.googlegroups.com>,
Vinod <vinwin@gmail.com> wrote:
:I am trying to connect to the cisco VPN server from my network which
:has linux firewall and windows 2000 systems.

:When i went through some document in the net they say that

:UDP port 500

Yes, always needed.

:UDP port 10000 (or any other port number being used for IPSec/UDP)

That's obsolete, ignore that one.

:IP protocol 50 (ESP)

That is used if NAT-T is not in effect, or if it is and the systems
discover that NAT-T is not needed. Or to phrase it another way,
traditionally you -always- needed IP protocol 50, but if you have NAT-T
turned on and it figures you need NAT-T then it will use a UDP port
instead.

:TCP port configured for IPSec/TCP

IPSec does not need any TCP ports in any Cisco implementation that I
know of.

:NAT-T port 4500

NAT-T negotiations are on UDP port 4500. If NAT-T is turned on,
the sequence is UDP 500, then UDP 4500, and then either ESP -or- a
negotiated UDP port.

When NAT-T is on and is negotiated, the dynamic UDP port used is
a -source- port, with the destination port always being UDP 4500
[and in this case ESP is not used.] This applies both ways:
one end will send to UDP 4500 of the other, and the other will
send to UDP 4500 of the first.


Sorry, I can't help with the iptables part.
--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec

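Added example, not from any poster in this thread: a small shell script that turns the port sequence roberson describes (UDP 500, then UDP 4500, then either ESP or NAT-T on UDP 4500) into FORWARD and NAT rules for the Linux box in front of the client. Interface names, the LAN subnet and the VPN server address are constructed placeholders; the obsolete UDP 10000 and the IPSec/TCP port are deliberately left out.

```shell
#!/bin/sh
# Emit iptables rules that let one inside Cisco VPN client reach one VPN
# server through a Linux NAT/firewall box. Assumptions (constructed):
# LAN side eth1 with 192.168.1.0/24, WAN side eth0, VPN server 203.0.113.10.

vpn_fw_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3; vpn_srv=$4
    # Replies for anything the client already opened: covers the UDP 500 and
    # UDP 4500 exchanges and the ESP association once conntrack has seen it.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # IKE/ISAKMP on UDP 500: always needed.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $vpn_srv -p udp --dport 500 -j ACCEPT"
    # NAT-T: the destination is always UDP 4500; the client's source port is
    # dynamic, so only the destination port is pinned here.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $vpn_srv -p udp --dport 4500 -j ACCEPT"
    # ESP (IP protocol 50) for the case where NAT-T is not negotiated. ESP has
    # no ports, so only one inside client can use it through this NAT at a time;
    # several clients behind the same box need NAT-T.
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $vpn_srv -p esp -j ACCEPT"
    # Hide the LAN behind the WAN address, restricted to the VPN server only.
    echo "iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -d $vpn_srv -j MASQUERADE"
}

# Print the rules for review; to apply them, run the output as root, e.g.
#   vpn_fw_rules eth1 eth0 192.168.1.0/24 203.0.113.10 | sudo sh
vpn_fw_rules eth1 eth0 192.168.1.0/24 203.0.113.10
```

The rules assume the FORWARD chain's default policy is DROP; if the box also runs services of its own, INPUT is unaffected by these lines.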

#3: Re: VPN Client behind firewall

Posted on 2005-05-10 23:33:21 by Wolfgang Kueter

Walter Roberson wrote:

> In article <1115618213.404115.144680@z14g2000cwz.googlegroups.com>,
> Vinod <vinwin@gmail.com> wrote:
> :I am trying to connect to the cisco VPN server from my network which
> :has linux firewall and windows 2000 systems.

> [good explanation deleted]
>
> Sorry, I can't help with the iptables part.

Watching the logfile and reading the iptables documentation should help.

;-)

Apart from that I'd recommend for that scenario to forget using the
Cisco VPN client behind the Linux NAT box but to build a site-to-site VPN
between the Cisco and the Linux box instead using OpenSwan on the Linux
side.

Wolfgang
