Need Help Opening iptables to Cisco VPN
Hi
I have gotten Ubuntu 7.10 up and running on my Asus M6NE with all hardware working. So I want to dump Windows. I can't do that yet since my work requires me to run Cisco VPN to connect to work. I have it all working in a VM Machine but it is very resource consuming to run the VM Machine just to connect for editing work.

Cisco needs the system to be open bi-directionally to the following ports:

UDP 500 IKE port
UDP 5000 port
UDP 10000 port

Now I can't get the iptables setup so that it is working. Well, to be exact, I am getting:

Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.

every time I connect. Anyone got any ideas how to work around this problem? Check ports if they are open properly and stuff.

Thanks and BR
Badees |
cisco vpn's run fine under linux too. you can use cisco's own client or the friendlier vpnc client. you may have issues depending on their peer configuration, but certainly a better bet than a windows vm.
in terms of what you've done, you've said nothing about the kind of vm networking you are doing - bridged? natted? what vm product is it in the first place? if it's bridged then there's nothing within the linux side that should be at all relevant. |
Configs
I am running on VMPlayer for now. I have to use both Bridge and NAT depending on how I am connected. If I am in my local network then I can Bridge. If I am connecting via public WiFi then I need to NAT since they will only issue one IP per MAC and I am too lazy to spoof a VM MAC. The VM works fine in all cases.
Anyway, I tried the VPNC but I can't config it. The Cisco setting is that there is no group name and when I try to make a connection in the VPN manager I can't move to the next instruction page. The system uses a Certificate (.pfx). I haven't found any useful articles about how to import .pfx files. Moreover, since I am running compiz I sometimes don't get the keyboard in the VM system. If I don't use full screen then I can't see all the desktop. If I use 800x600 then it's too small to maneuver for work. (That may just be me being spoiled.) |
What is port udp/5000 for?
For UDP NAT traversal you should have udp/500, udp/4500, and udp/10000 opened. You also should have the UDP NAT traversal option checked in the client.

For Windows users
Cisco VPN Ubuntu guide
Options list for the PCF file (and a Kvpn guide too, however not relevant.)
Cisco PCF full options list

I hope this helps on getting you going. |
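One way to check a saved ruleset against the port list in the reply above (an added example, not posted by anyone in the thread). The helper name `missing_vpn_ports` and the sample ruleset are constructed for illustration, and the check only looks at explicit rules and the chain policy.

```shell
#!/bin/sh
# Added example. Ports are the ones listed in the reply above.
VPN_PORTS="500 4500 10000"

# Constructed sample in iptables-save format: a ruleset that opens the
# ports from the original question (500, 5000, 10000).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 500 -j ACCEPT
-A INPUT -p udp -m udp --sport 5000 -j ACCEPT
-A INPUT -p udp -m udp --sport 10000 -j ACCEPT
COMMIT'

# missing_vpn_ports CHAIN   (hypothetical helper; iptables-save dump on stdin)
# Prints each port in VPN_PORTS that has no udp ACCEPT rule in the filter
# table's CHAIN matching it by --sport or --dport. Prints nothing when the
# chain policy is ACCEPT and the chain contains no DROP/REJECT rule.
# Simplification: rule order, multiport and port ranges are not evaluated.
missing_vpn_ports() {
    awk -v chain="$1" -v ports="$VPN_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        /^\*/ { table = substr($1, 2); next }       # table header, e.g. *filter
        table != "filter" { next }
        $1 == (":" chain) { policy = $2; next }     # e.g. ":INPUT DROP [0:0]"
        $1 == "-A" && $2 == chain {
            udp = 0; target = ""; port = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "udp") udp = 1
                if ($i == "--sport" || $i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "DROP" || target == "REJECT") blocks = 1
            if (udp && target == "ACCEPT" && port != "") open[port] = 1
        }
        END {
            if (policy == "ACCEPT" && !blocks) exit
            for (k = 1; k <= n; k++)
                if (!(want[k] in open)) print want[k]
        }
    '
}

# On a live system: iptables-save | missing_vpn_ports INPUT
printf '%s\n' "$SAMPLE_RULES" | missing_vpn_ports INPUT
```

For the constructed sample this reports 4500 on INPUT, the one port in the reply's list that the question's list does not include.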
Port 5000 is for IPSec or so the doc said. Thanks I will have to look into it a bit later. I have to get some work done so I was forced back to winblows.