Re: [leaf-user] Need help with Cisco VPN client through (Dachstein)LRP

[Jeff Newmiller]

On Sat, 21 Dec 2002, Colin Helliwell wrote:

> I have an LRP box (running a Dachstein distribution) which has been working
> fine for months doing the 'basic' internet access stuff. I now have a Cisco
> VPN client installed on my company laptop and am having trouble getting it
> to work through the router to the company server - it is currently failing
> in the initial 'IKE' negotiation phase, from what I can tell.
> Could anyone please advise on what configuration changes would be needed to
> LRP and its filter rules etc to get it connecting? The client software is
> configured to use UDP rather than TCP. I have looked at a load of howto's
> and previous postings, but they mostly seem to refer to when the router box
> is one end of the VPN which I don't think applies in my case - I just need
> it to route the traffic between my client and company server.
> 
> Any advice much appreciated.

I don't think IKE is supported for masquerading.  The problem is that it
encodes the network information for the client inside the protocol, and
that protocol is proprietary so it is not possible to make masquerading
module to support forwarding that traffic.  The Cisco is seeing your
private addresses inside the encrypted packets and giving up on you.

Get your admins to enable IPSec or make your connection from outside your
network.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------



-------------------------------------------------------
This SF.NET email is sponsored by: Order your Holiday Geek Presents Now!
Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap,
MP3 Players,  XBox Games,  Flying Saucers,  WebCams,  Smart Putty.
T H I N K G E E K . C O M       http://www.thinkgeek.com/sf/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html