[CLUE-Tech] Marginally OT: VPN client
David Anselmi
anselmi at americanisp.net
Sun Aug 10 16:29:01 MDT 2003

Sean LeBlanc wrote:
> Hiya. This isn't specific to Linux, but here goes:
>
> Has anyone set up a Cisco 678 to allow VPN through? As of now, I'm trying to
> get the W2K Cisco client to work.

As Jeremy said, it works without any special adjustments to the 678.

> I googled up a discussion that suggested this:
>
> set nat entry add <myinternalip> 1723 <myexternalip> 1723 TCP
> set nat entry add <myinternalip> 0 <myexternalip> 0 47

This is for PPTP (MS RAS), not IPSec (Cisco VPN). Cisco is UDP port 500
and IP protocol 50 (IIRC).

> I did this, did a write, and tried my client again. I still get an error
> message saying the "remote peer is no longer responding."

I got that too, and thought I'd have to do something fancy, or that
IPSec wouldn't work through NAT. But Cisco's all over that so it does.
There is a server side setting for this (called NAT traversal, or
IPSec over UDP) and you might look for something similar on the client.
Obviously you can't filter the IPSec traffic.

[...]
> Also, has anyone used a Linux or FreeBSD client? I did some quick googling
> on the FreeBSD client, and what I saw didn't look too encouraging.

Cisco has a Linux version of their client. I assume it is functional,
but haven't used it.

HTH,
Dave