Alec Miller wrote:
>
> I have had no luck with the Nortel Access Client working thru the Eiger
> images. I just had to convince my firewall expert to make an IPSec
> connection to the actual LRP box from the corporate firewall, but it helps
> if you work in the IT dept.
>
> I do have a friend that got his Nortel Access Client working thru the
> Oxygen? (not exactly 100% sure) image.
>
> ----- Original Message -----
> From: Don <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, November 14, 2001 3:23 PM
> Subject: [Leaf-user] Outbound VPN
>
> Hello,
>
> I've recently installed Dachstein RC2. Is this version able to masq an ipsec
> type of VPN connection? Are there any special IPChains rules that I need to
> enable?
>
> I've confirmed that I can connect without the firewall, but cannot from the
> inside. When I try to connect I can see port 500 being blocked in the log
> through the weblet interface, then the firewall status goes to "warning".
>
> The VPN software is Nortel's Extranet Access Client.
>
You need to open port 50 & 500; the relevant code in my firewall is:

at the top of the input chains

    /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p udp -s $VPNHOST1 500 -d $EXTIP
    /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p 50 -s $VPNHOST1 -d $EXTIP

at the top of the output chains

    /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p udp -s $EXTIP 500 -d $VPNHOST1
    /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p 50 -s $EXTIP -d $VPNHOST1

where:

    EXTIF is eth0 or the one on the internet
    EXTIP is the external ip assigned by your ISP
    VPNHOST1 is the ip address of the remote Nortel host

Also must have the VPN masq patch in the kernel

Works fine for me under 3.0.?

Best
Cokey

--
------------------------------------------------------------------
F. 'Cokey' de Percin, DBA        Email:
CSC (formerly Mynd)              Work - [EMAIL PROTECTED]
Columbia, South Carolina         Home - [EMAIL PROTECTED]

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user