
badees 02-25-2008 06:02 AM

Need Help Opening iptables to Cisco VPN

I have gotten Ubuntu 7.10 up and running on my Asus M6NE with all hardware working. So I want to dump Windows. I can't do that yet since my work requires me to run Cisco VPN to connect to work. I have it all working in a VM Machine but it is very resource consuming to run the VM Machine just to connect for editing work.

Cisco needs the system to be open bi-directionally to the following ports:
UDP 500 IKE port
UDP 5000 port
UDP 10000 port

Now I can't get the iptables setup so that it is working. Well to be exact I am getting:

Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.

every time I connect. Anyone got any ideas how to work around this problem? Check ports if they are open properly and stuff.

Thanks and BR

acid_kewpie 02-25-2008 06:13 AM

Cisco VPNs run fine under Linux too. You can use the Cisco own client or the friendlier vpnc client. You may have issues depending on their peer configuration, but certainly a better bet than a Windows VM.

In terms of what you've done, you've said nothing about the kind of VM networking you are doing - bridged? NATed? What VM product is it in the first place? If it's bridged then there's nothing within the Linux side that should be at all relevant.

badees 02-25-2008 07:36 AM

I am running on VMPlayer for now. I have to use both Bridge and NAT depending on how I am connected. If I am in my local network then I can Bridge. If I am connecting via public WiFi then I need to NAT since they will only issue one IP per MAC and I am too lazy to spoof a VM MAC. The VM works fine in all cases.

Anyway, I tried the vpnc but I can't config it. The Cisco setting is that there is no group name and when I try to make a connection in the VPN manager I can't move to the next instruction page. The system uses a Certificate (.pfx). I haven't found any useful articles about how to import .pfx files.

Moreover, since I am running Compiz I sometimes don't get the keyboard in the VM system. If I don't use full screen then I can't see all the desktop. If I use 800x600 then it's too small to maneuver for work. (That may just be me being spoiled.)

t1n0m3n 03-03-2008 06:30 AM

What is port udp/5000 for?

For UDP NAT traversal you should have udp/500, udp/4500, and udp/10000 opened.

You also should have the UDP NAT traversal option checked in the client.

For Windows users
Cisco VPN Ubuntu guide
Options list for the PCF file (and a Kvpn guide too, however not relevant.)
Cisco PCF full options list

I hope this helps on getting you going.
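An added example, not from the thread: a POSIX shell script that prints the iptables rules for the ports t1n0m3n lists (UDP 500, 4500, 10000) plus the ESP protocol, and checks an iptables-save dump for the outbound rules so you can see which ones are missing. The sample dump is constructed; the rule layout (stateful INPUT, default-DROP policies) is an assumption about the box, not something the posts state.

```shell
#!/bin/sh
# Added example (not from the thread): rules for the ports t1n0m3n lists, plus ESP,
# and a check that an existing ruleset (iptables-save output) contains them.
VPN_PORTS="500 4500 10000"   # IKE, NAT-T, Cisco UDP encapsulation

# Print the rules; with a default-DROP policy these are the minimum a client needs.
vpn_rules() {
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $VPN_PORTS; do
        printf '%s\n' "-A OUTPUT -p udp --dport $p -j ACCEPT" \
                      "-A INPUT -p udp --sport $p -j ACCEPT"
    done
    printf '%s\n' "-A OUTPUT -p esp -j ACCEPT" "-A INPUT -p esp -j ACCEPT"
}

# Read an iptables-save dump on stdin; print each required outbound rule that is
# missing and return the number of missing items (0 means the ruleset is complete).
vpn_check() {
    dump=$(cat)
    missing=0
    for p in $VPN_PORTS; do
        # "( |$)" after the port keeps 500 from matching a --dport 5000 rule
        if ! printf '%s\n' "$dump" | grep -Eq -- "^-A OUTPUT .*-p udp .*--dport $p( |$).*-j ACCEPT"; then
            echo "missing: OUTPUT udp dport $p"
            missing=$((missing + 1))
        fi
    done
    if ! printf '%s\n' "$dump" | grep -Eq -- "^-A OUTPUT .*-p esp .*-j ACCEPT"; then
        echo "missing: OUTPUT esp"
        missing=$((missing + 1))
    fi
    return $missing
}

# Constructed sample dump: IKE and NAT-T allowed, udp/5000 opened by mistake,
# udp/10000 and ESP forgotten.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -p udp -m udp --dport 500 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4500 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 5000 -j ACCEPT
COMMIT'

# Usage: on the real box run  iptables-save | vpn_check  ; here the sample is used.
printf '%s\n' "$SAMPLE_DUMP" | vpn_check || echo "$? rule(s) missing"
```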

badees 03-04-2008 06:51 AM

Port 5000 is for IPSec or so the doc said. Thanks I will have to look into it a bit later. I have to get some work done so I was forced back to winblows.
