RE: [fw-wiz] Cisco Remote Access VPN Problem

From: Firewall-Wizards (Firewall-Wizards_at_govnet.gov.fj)
Date: 09/08/05

  • Next message: Mason Schmitt: "Re: [fw-wiz] The home user problem returns"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 8 Sep 2005 16:59:40 +1200
    
    

     
    Yep. Tried that before. No luck :-(

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Paul Melson
    Posted At: Thursday, September 08, 2005 6:22 AM
    Posted To: Firewall-Wizards
    Conversation: [fw-wiz] Cisco Remote Access VPN Problem
    Subject: RE: [fw-wiz] Cisco Remote Access VPN Problem

    Static arp entries using the arp command won't help. Enabling proxy-arp
    on FE0/1 might.

    PaulM

    -----Original Message-----
    Subject: [fw-wiz] Cisco Remote Access VPN Problem

    Hi Folks

    I can get the tunnel successfully established, the client successfully
    authenticated with RADIUS, SAs formed and virtual ips (from the dmz)
    assigned to the remote vpn client. There are static routes present on the
    2600 to route internal network traffic to the dmz gateway (i.e. fw) which
    subsequently has rules to route this vpn traffic inside the internal
    network.

    ..

    As a workaround, I tried putting in some static arp entries on the fw,
    for these virtual ips to point to the physical dmz interface of the vpn
    device. The ensuing result was that return traffic made its way back to
    the vpn device, but then couldn't get to the actual vpn client :-(

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards