Need Help Opening iptables to Cisco VPN
 

Hi

I have gotten Ubuntu 7.10 up and running on my Asus M6NE with all hardware working. So I want to dump Windows. I can't do that yet since my work requires me to run Cisco VPN to connect to work. I have it all working in a VM Machine but it is very resource consuming to run the VM Machine just to connect for editing work.

Cisco needs the system to be open bi-directionally to the following ports:
UDP 500 IKE port
UDP 5000 port
UDP 10000 port

Now I can't get the iptables setup so that it is working. Well to be exact I am getting:

Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.

every time I connect. Any one got any Ideas how to work around this problem? Check ports if they are open properly and stuff.

Thanks and BR
Badees

cisco vpn's run fine under linux too. you can use the cisco own client or the friendlier vpnc client. you may have issues depending on their peer configuration, but certainly a better bet that a windows vm.

in terms of what you've done, you've said nothing about the kind of vm networking you are doing - bridged? natted? what vm product is it in the first place? if it's bridged then there's nothing within the linux side that should be at all relevant.

Configs
 

I am running on VMPlayer for now. I have to use both Bridge and Nat depending on how I am connected. If I am in my local network then I can Bridge. If I am connecting via public WiFi then I need to NAT since they will only issue one ip per MAC and I am to lazy to spoof a VM MAC. The VM works fine in all cases.

Any way I tried the VPNC but I can't config it. The Cisco setting is that there is not group name and when I try to make a connection in the VPN manager I can't move to the next instruction page. The system uses a Certificate (.pfx). I haven't found any useful articles about how to import .pfx files.

More over since I am running compfiz I sometimes don't get the keyboard in the VM system. If I don't use full screen then I can't see all the desktop. If I use 800x600 then its to small to maneuver for work.(That may just be me being spoiled.)

What is port udp/5000 for?

For UDP NAT traversal you should have udp/500, udp/4500, and udp/10000 opened.

You also should have the UDP NAT traversal option checked in the client.

For Windows users
Cisco VPN Ubuntu guide
Options list for the PCF file (and a Kvpn guide too, however not relevant.)
Cisco PCF full options list

I hope this helps on getting you going.

Port 5000 is for IPSec or so the doc said. Thanks I will have to look into it a bit later. I have to get some work done so I was forced back to winblows.