Re: Nortel Vpn client, behind a Linux Iptables firewall

From: BroncoFan (zeke@likaloo.com)
Date: 12/03/02


From: "BroncoFan" <zeke@likaloo.com>
Date: Tue, 3 Dec 2002 06:50:55 -0700

Thanks,

Angel

I do not have a port forward set up. I have those rules in the Forward
chain, since I am masquerading. I have nothing in the pre-routing chain.
I have noticed that when I do a tail -f /var/log/messages I see that the
client is trying to connect to port 1443, but I think that the VPN server
and the client are doing some dynamic port exchanges. Does iptables support
that? Any other suggestions would be greatly appreciated.

Thanks

"Angel" <enough@spam_already> wrote in message
news:3dec867e$0$299$bed64819@pubnews.gradwell.net...
> BroncoFan wrote:
> > Has anyone run across a problem with getting Nortel Networks VPN client to
> > work with iptables masquerade?
> >
> > I have in the forward chain to forward
> > tcp 1443
> > tcp 500
> > udp 500
> > protocols 47, 50, 51
> >
> > Any help will be greatly appreciated
> >
> > Thanks,
> >
> > Micah Shelton
> >
> >
>
> If all you are using is the Nortel VPN client on a single machine behind the
> firewall and thus initiating the vpn connection from that machine and
> not the other end of the link then there is no need to have any port
> forwarding on the firewall.
>
> Once the client initiates the connection the NAT table will take care of
> delivering the returning/incoming packets to the correct client.
>
> I suggest you remove the port forwarding and test the connection.
>
> You should also check that both the client software and the vpn end
> point are sufficiently late enough to have NAT traversal support. If
> they don't, it won't prevent you from connecting but when the time comes
> for it to re-key it will fail and the connection will be terminated.
>
> Angel
>
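
Added example, not part of either poster's message: a masquerading ruleset for the setup discussed above, with outbound-only FORWARD rules for the ports and protocols listed in the original post and no inbound port forwards, plus a small audit that counts rules opening new inbound traffic. The interface names (eth0, eth1), the function names and the dry-run `IPT` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Dry-run by default: commands are printed.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"   # assumed LAN-facing interface

masq_vpn_client_rules() {
    # Source-NAT everything that leaves through the WAN interface.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Replies to flows the client opened are matched by connection tracking,
    # so no PREROUTING/DNAT rule is needed for them.
    # (-m conntrack --ctstate is the equivalent match on current iptables.)
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Outbound only: the ports and protocols listed in the original post.
    for port in 1443 500; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p udp --dport 500 -j ACCEPT
    for proto in 47 50 51; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p "$proto" -j ACCEPT
    done
    # Everything else crossing the firewall is dropped.
    $IPT -P FORWARD DROP
}

# Audit helper: reads rule lines on stdin and prints how many of them admit
# NEW inbound traffic (a DNAT port forward, or a WAN-side ACCEPT that is not
# restricted to established flows).
count_inbound_openings() {
    awk -v wan="$WAN_IF" '
        /-j DNAT/ { n++; next }
        index($0, "-i " wan " ") && /-j ACCEPT/ && !/--state ESTABLISHED/ { n++ }
        END { print n + 0 }'
}

# Dry-run: show the rules that would be applied.
masq_vpn_client_rules
```
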


