fbleagh Tux's lil' helper


Joined: 13 Jun 2002 Posts: 98
Posted: Wed May 14, 2003 1:09 am Post subject: Cisco VPN through IPtables
Ok, here's the scenario.
I have a small network at home comprised of 2 Linux boxen and 2 Windows boxen.
1 of the Windows boxes is my dad's,
the other is my work laptop.
Now my company has a nice little Cisco VPN setup I can dial into, but it does seem to be working from behind my IPTABLES NAT/firewall.
I tried forwarding ports etc. but no luck.
Any bright ideas?
proxy Apprentice


Joined: 20 Apr 2002 Posts: 260 Location: Chantilly, VA
Posted: Wed May 14, 2003 2:10 am Post subject:

Hmm, my Cisco VPN software seems to do fine behind a hardware firewall. What ports are you forwarding?
proxy
fbleagh Tux's lil' helper


Joined: 13 Jun 2002 Posts: 98
Posted: Wed May 14, 2003 2:26 am Post subject:
iptables -A FORWARD -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A FORWARD -p udp --sport 50 --dport 50 -j ACCEPT
iptables -A FORWARD -p udp --sport 510 --dport 510 -j ACCEPT
iptables -A FORWARD -p tcp --sport 10000 --dport 10000 -j ACCEPT
Is that right?
jsleeper Tux's lil' helper


Joined: 04 Apr 2003 Posts: 75 Location: Virginia Beach, VA, US
Posted: Wed May 14, 2003 3:23 pm Post subject:
I believe that you also have to let in ESP packets, which is tcp protocol 50. So where you normally put tcp or udp, put -p 50 instead. I've never done it with iptables, but with Cisco IOS I allow in udp port 500 and all ESP traffic from the remote VPN device to the local network.
_________________
Are sigs really useful?
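For readers landing on this thread later, here is a complete FORWARD/NAT rule set for one LAN client reaching an IPsec concentrator through an iptables box. It is an added example, not code from any of the posters: ESP is IP protocol 50 (iptables spells it `-p esp` or `-p 50`), so it has no TCP or UDP port and cannot be matched with `--sport`/`--dport`; IKE runs on UDP 500, and the two encapsulations that actually survive NAT are IKE NAT-T on UDP 4500 and Cisco's TCP encapsulation on TCP 10000. The interface names, LAN subnet and concentrator address below are placeholders, and the rules assume the FORWARD chain has a DROP policy (if it is already ACCEPT, filtering is not what is blocking the client).

```shell
#!/bin/sh
# Added example: pass one LAN client's IPsec (IKE, NAT-T, ESP, Cisco TCP
# encapsulation) through an iptables NAT gateway.
# All names below are assumptions, not taken from the thread:
#   LAN_IF/WAN_IF  inside and outside interfaces of the gateway
#   LAN_NET        the home LAN
#   VPN_GW         the company's VPN concentrator (TEST-NET-3 placeholder)
# Set IPTABLES=echo (or run with "dry-run") to print the rules instead of
# applying them; applying requires root.

IPTABLES="${IPTABLES:-iptables}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_GW="${VPN_GW:-203.0.113.10}"

ipsec_forward_rules() {
    # Outbound, LAN client -> concentrator.
    # IKE (ISAKMP) negotiation.
    "$IPTABLES" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$VPN_GW" \
        -p udp --dport 500 -j ACCEPT
    # IKE NAT traversal: IKE and ESP-in-UDP both move to UDP 4500 once the
    # peers detect a NAT in the path.
    "$IPTABLES" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$VPN_GW" \
        -p udp --dport 4500 -j ACCEPT
    # Raw ESP: IP protocol 50, so "-p esp" and no port match at all.
    "$IPTABLES" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$VPN_GW" \
        -p esp -j ACCEPT
    # Cisco's TCP encapsulation of IPsec (client option "IPsec over TCP").
    "$IPTABLES" -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -d "$VPN_GW" \
        -p tcp --dport 10000 -j ACCEPT

    # Inbound, concentrator -> LAN client.
    # UDP and TCP replies are matched by connection state, so no reply rule
    # needs to be written per port.
    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Raw ESP back from the concentrator has no port state to key on, so it is
    # allowed explicitly, but only from the concentrator's address.
    "$IPTABLES" -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -s "$VPN_GW" -d "$LAN_NET" \
        -p esp -j ACCEPT

    # Source NAT for the LAN.
    "$IPTABLES" -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

case "${1:-}" in
    apply)   ipsec_forward_rules ;;
    dry-run) IPTABLES=echo; ipsec_forward_rules ;;
    *)       : ;;   # sourced or run without an argument: define only
esac
```

Run `sh vpn-forward.sh dry-run` to review the generated commands, then `sh vpn-forward.sh apply` as root. One caveat the rules cannot fix: plain ESP carries no port numbers, so a MASQUERADE box has nothing to rewrite and nothing to demultiplex returning packets on beyond the SPI; a single client usually gets through, but NAT-T (UDP 4500) or the TCP 10000 encapsulation is the reliable path, and the ESP rules above exist for the case where the concentrator refuses both.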