 From:  Travis Dixon <travisd at tubas dot net>
 To:  Tom Obermayr <to at bla dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Cisco VPN Client behind m0n0wall
 Date:  Thu, 18 Nov 2004 10:24:04 -0500 (EST)
The Cisco client has a very good NAT traversal mode - I use this and have
no problems at all behind m0n0.

You can actually do either UDP or TCP tunnelling. I actually configured my VPN
concentrator to support tunnelling on many common ports which helps when dealing
with some more braindead foreign networks (hotels, etc).

The only negative impact *may* be some performance but for normal VPN usage I have
never had a problem with this.

The settings on the client are under the "Transport" tab. Tunnelling must be enabled on
the VPN server as well.

On Thu, 18 Nov 2004, Tom Obermayr wrote:

> hi,
> I do have a problem with a client system using Cisco VPN client behind
> m0n0wall. Apparently there are different settings on the Cisco Concentrator
> that change the way the VPN connection is established.
> I have 3 different VPN entries in the Cisco client, two of which work just
> fine behind m0n0wall, whereas the 3rd one only works without the firewall.
> Looking at the firewall log, it seems that the VPN Concentrator is trying
> to connect to the client on port 500/UDP, which fails, of course.
> Maybe some kind of VPN client detection could be integrated, which
> automatically detects internal VPN clients trying to establish VPN
> sessions, and then allows the separate connection back in to go through?
> regards, tom.