On Monday 17 February 2003 11:16 am, [EMAIL PROTECTED] wrote:
> Lynn,
>
> I added the rules you suggested.  The net ipfilter list output is added
> at the end of this email.  Still no connection.
>
> It all helps and thanks for your input.  At least now I know how to
> export the output of 'net ipfilter list'.

Protocol 51 is still not open, but you have opened proto 47 (GRE).
Are you running a PPTP tunnel as well (Uses GRE)? I know that
someone reported needing to open GRE to make an IPSec connection
to a Cisco box, but I really doubt it since GRE is not a part of the
IPSec protocol in any RFC that exists. The problem that particular
person had was entering the wrong username/password IIRC.
Send a copy of your /etc/network.conf file and I'll see if I can fix
it for you (off-list). There is something in there that isn't right.


> > Where exactly is this error coming from?
> > Not the LEAF box, correct!
>
> Correct, these messages came from the Cisco client log.

Ok, so you're initializing the connection to the Cisco, but the
replies from the Cisco don't get back to your LAN machine.
There should be denied packets in your Dachstein logs if 
this is the case. 

> Chain input (policy DENY: 2 packets, 726 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname  mark  outsize  source      destination     ports
>     0     0 ACCEPT     udp  ------ 0xFF 0x00  eth0                   0.0.0.0/0   0.0.0.0/0       * ->   500
>     0     0 ACCEPT     50   ------ 0xFF 0x00  eth0                   0.0.0.0     12.237.136.59   n/a
>     0     0 ACCEPT     47   ------ 0xFF 0x00  eth0                   0.0.0.0

Masq-ed
> 0.0.0.0/0             500 ->   *

> PortFW:
> prot localaddr            rediraddr               lport    rport  pcnt  pref
> UDP  12.237.136.59        192.168.1.3               500      500    10    10


Other than that I can't say, unless there is something Cisco-specific
that I am not aware of. I would check your logs for a denied packet
or two from the Cisco VPN end-point.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
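A small checker, added here as an example and not part of the thread or of LEAF/Dachstein, that reads a chain listing in the layout `net ipfilter list` (ipchains -L -v) prints and reports which of the rules an IPSec client behind the box needs (UDP/500 for IKE, protocol 50 ESP, protocol 51 AH) are absent from the input chain. The sample dump is constructed to mirror the situation above (ESP and GRE open, AH missing); the peer address is a documentation placeholder.

```python
"""Report IPSec pass-through rules missing from an ipchains input chain.
Added example; SAMPLE is a constructed dump, not the poster's output."""
import re

# Constructed sample in ipchains -L -n -v layout, one rule per line.
SAMPLE = """\
Chain input (policy DENY: 2 packets, 726 bytes):
 pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
    0     0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 500
    0     0 ACCEPT 50 ------ 0xFF 0x00 eth0 0.0.0.0/0 192.0.2.10 n/a
    0     0 ACCEPT 47 ------ 0xFF 0x00 eth0 0.0.0.0/0 192.0.2.10 n/a
"""

# What the remote IPSec gateway must be allowed to send back in.
REQUIRED = {"ike": ("udp", "500"), "esp": ("50", None), "ah": ("51", None)}
# ipchains may print protocol names instead of numbers; normalise them.
NAMES = {"esp": "50", "ah": "51", "gre": "47"}

def parse_chain(text, chain="input"):
    """Return ACCEPT rules of one chain as (protocol, destination_port)."""
    rules, in_chain = [], False
    for line in text.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        fields = line.split()
        if not in_chain or len(fields) < 4 or fields[2] != "ACCEPT":
            continue  # header, blank line, or a non-ACCEPT rule
        proto = NAMES.get(fields[3].lower(), fields[3].lower())
        port = None
        m = re.search(r"->\s+(\S+)\s*$", line)  # "sport -> dport"
        if m:
            port = m.group(1)
        rules.append((proto, port))
    return rules

def missing_ipsec_rules(text):
    """Names of REQUIRED entries with no matching ACCEPT in the input chain."""
    rules = parse_chain(text)
    missing = []
    for name, (proto, port) in REQUIRED.items():
        ok = any(p == proto and (port is None or dp in (port, "*"))
                 for p, dp in rules)
        if not ok:
            missing.append(name)
    return missing

if __name__ == "__main__":
    print("missing:", missing_ipsec_rules(SAMPLE))  # prints: missing: ['ah']
```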

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html