 From:  Tom Obermayr <to at bla dot net>
 To:  "Jake S" <jake at agatestreet dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Cisco VPN Client behind m0n0wall
 Date:  Thu, 18 Nov 2004 16:15:31 +0100
I have no control over that Concentrator whatsoever, which is the reason 
why I'm asking. The others are fine, but the one apparently doesn't have
that setting for whatever reason, and I have no chance of changing that.


At 04:12 PM 11/18/2004, Jake S wrote:
>Or you could turn on NAT traversal (NAT-T) on your concentrator which would
>encapsulate IPSec traffic on UDP 4500 outbound.
>Thank you,
>Jake Seitz
>-----Original Message-----
>From: Tom Obermayr [mailto:to at bla dot net]
>Sent: Thursday, November 18, 2004 7:05 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Cisco VPN Client behind m0n0wall
>I do have a problem with a client system using Cisco VPN client behind
>m0n0wall. Apparently there are different settings on the Cisco Concentrator
>that change the way the VPN connection is established.
>I have 3 different VPN entries in the Cisco client, two of which work just
>fine behind m0n0wall, whereas the 3rd one only works without the firewall.
>Looking at the firewall log, it seems that the VPN Concentrator is trying
>to connect to the client on port 500/UDP, which fails, of course.
>Maybe some kind of VPN client detection could be integrated, which
>automatically detects internal VPN clients trying to establish VPN
>sessions, and then allows the separate connection back in to go through?
>regards, tom.