mahdi1234 Guru
Joined: 19 Feb 2005 Posts: 559 Location: Being There
Posted: Thu Jun 08, 2006 6:02 pm Post subject: vpn & firewall? [SOLVED]
hi there,
I'm having a problem figuring out what services/ports I need to enable for the Cisco VPN client to work.
I'm using guarddog, which is a frontend to iptables. If I disable the firewall completely it works just fine. Though once it is enabled I will not even get through to log in to the VPN.
I've tried to track the ports using cmon and iptables -L, but I must admit I'm pretty lame at this and I'm stuck now.
Does anyone know which ports are used for cisco vpn to establish connection? Alternatively how can I monitor the traffic to figure out myself which ports to open?
thanks,
mahdi
Last edited by mahdi1234 on Sat Jun 10, 2006 4:53 pm; edited 1 time in total
lxg Veteran
Joined: 12 Nov 2005 Posts: 1019 Location: Aachen, Germany
Posted: Thu Jun 08, 2006 10:44 pm
Possibly netstat can help you (e.g. netstat --inet). Sorry that I can't help you more with that, but I'm not too familiar with this tool.
In the worst case, you could try to do an nmap scan on your external IP address. (By the way, when setting up a firewall for a VPN'ed connection, remember that you have a different IP.)
_________________
lxg.de – codebits and tech talk
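One way to do the monitoring mahdi1234 asks about, as an added example that is not code from this thread: log what the firewall drops (iptables' LOG target, inserted just before the DROP rule) and tally the dropped flows by direction, protocol and destination port, so the ports the VPN client needs show up in the tally. The log lines below are constructed in the format the LOG target writes to the kernel log; the "FW-DROP" prefix is an assumed --log-prefix.

```python
import re
from collections import Counter

# Constructed sample kernel-log lines as written by the iptables LOG target
# (e.g. `iptables -A OUTPUT -j LOG --log-prefix "FW-DROP "` before the DROP rule).
SAMPLE_LOG = """\
Jun  8 18:02:11 gentoo kernel: FW-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=364 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=344
Jun  8 18:02:12 gentoo kernel: FW-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=364 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=344
Jun  8 18:02:15 gentoo kernel: FW-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4500 DPT=4500 LEN=100
Jun  8 18:02:16 gentoo kernel: FW-DROP IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=136 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ESP SPI=0x1a2b3c4d
Jun  8 18:02:20 gentoo kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=55555 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Only the key=value fields we need; IN= and OUT= may be empty, hence \S*.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT|SPI)=(\S*)")


def parse_line(line):
    """Return a dict of the key=value fields of one iptables LOG line, or None."""
    if "PROTO=" not in line:
        return None
    return dict(FIELD_RE.findall(line))


def summarize_drops(text, prefix="FW-DROP"):
    """Count dropped flows keyed by (direction, interface, protocol, dst port).

    Lines without `prefix` are skipped so unrelated kernel messages are ignored.
    """
    counts = Counter()
    for line in text.splitlines():
        if prefix not in line:
            continue
        fields = parse_line(line)
        if fields is None:
            continue
        # A non-empty OUT= means the packet was leaving this host.
        direction = "out" if fields.get("OUT") else "in"
        iface = fields.get("OUT") or fields.get("IN")
        # ESP (IP protocol 50) carries no ports, so the port column stays "-".
        port = fields.get("DPT", "-")
        counts[(direction, iface, fields["PROTO"], port)] += 1
    return counts


if __name__ == "__main__":
    for (direction, iface, proto, port), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {direction:3s} {iface:5s} {proto:4s} dport={port}")
```

Feed it `dmesg` or the relevant syslog file instead of SAMPLE_LOG; a protocol/port that keeps appearing in the outbound tally while the VPN client is trying to connect is one the firewall must allow.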
guero61 l33t
Joined: 14 Oct 2002 Posts: 811 Location: Behind you
Posted: Fri Jun 09, 2006 12:20 am
I've NATed multiple Cisco clients simultaneously, and there's nothing special you need to do. Just make sure you have stateful inspection set up, and you're good to go. I don't use any front-ends to iptables - I've always done raw tables. The following is a bare-bones example of what you'd need to set up NAT reasonably securely (assuming your internet connection is eth0):
Code:
```sh
# Let new connections from the inside out through eth0 ...
iptables -A FORWARD -o eth0 -m state --state NEW -j ACCEPT
# ... and let the replies to those connections back in (stateful inspection)
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Rewrite the source address of forwarded packets to eth0's address (NAT)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Turn on forwarding; the sysctl key is ip_forward (the original said ip_forwarding)
sysctl -w net.ipv4.ip_forward=1
```
I pulled that code directly from where the sun don't shine, so someone correct me if it's wrong.
mahdi1234 Guru
Joined: 19 Feb 2005 Posts: 559 Location: Being There
Posted: Sat Jun 10, 2006 4:52 pm
I had to reboot and it's working fine now with vpnc; strange, somewhat M$ type of solution ;)
But thanks for the tips, I know a little bit more now again ...