On Sat, November 19, 2005 3:35 pm, Gregory Abbott wrote:
> Peter Allgeyer wrote:
>> On Saturday, 19.11.2005, at 11:36 -0500, Gregory Abbott wrote:
>>>Anyway, I noticed in my m0n0wall logs that when I try to connect I see
>>>WAN interface blocking UDP from the concentrator IP address to the nat
>>>of my machine the client is running on.
>> Can you be a little more specific on this point? Cisco IPSec normally
>> uses port 4500/udp for tunneling NAT devices. There shouldn't be any
>> problems with m0n0wall and/or NAT on this point.
> Well, that's what's odd. I've been using VPN from behind my m0n0wall for
> about 6 months with no problem. The issue just started yesterday. Since
> another coworker started to have the same problem behind
> their router, which is not m0n0wall, the problem sounds like it isn't
> anything on the client end but on the VPN server, but at work they aren't
> finding a problem.
> Here is what I see being blocked in my logs after trying to connect with
> the client (I blocked out the whole IP of the VPN server):
> 15:24:27.989306 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:22.987884 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:21.015540 WAN 66.133.x.x 10.5.27.21 UDP
> 15:24:13.016823 WAN 66.133.x.x 10.5.27.21 UDP
> I added a rule in my firewall on the WAN to allow all UDP traffic from
> source 66.133.x.x. Here is what my rule looks like:
> Proto  Source       Port  Destination  Port
> UDP    66.133.x.x   *     *            *
I should also mention the error the client is giving is:
Secure VPN Connection terminated locally by the Client. Reason 403: Unable
to contact the security gateway.
> I would think that even if this rule doesn't fix the issue, at the very
> least m0n0wall wouldn't be blocking the incoming UDP.