 From:  "Jake S" <jake at agatestreet dot com>
 To:  "'Tom Obermayr'" <to at bla dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Cisco VPN Client behind m0n0wall
 Date:  Thu, 18 Nov 2004 07:12:55 -0800
Or you could turn on NAT traversal (NAT-T) on your concentrator which would
encapsulate IPSec traffic on UDP 4500 outbound.

Thank you,
Jake Seitz 

-----Original Message-----
From: Tom Obermayr [mailto:to at bla dot net] 
Sent: Thursday, November 18, 2004 7:05 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Cisco VPN Client behind m0n0wall


I do have a problem with a client system using Cisco VPN client behind 
m0n0wall. Apparently there are different settings on the Cisco Concentrator 
that change the way the VPN connection is established.

I have 3 different VPN entries in the Cisco client, two of which work just 
fine behind m0n0wall, whereas the 3rd one only works without the firewall. 
Looking at the firewall log, it seems that the VPN Concentrator is trying 
to connect to the client on port 500/UDP, which fails, of course.

Maybe some kind of VPN client detection could be integrated, which 
automatically detects internal VPN clients trying to establish VPN 
sessions, and then allows the separate connection back in to go through?

regards, tom.
