iptables for IPSec (Cisco VPN) - where can I find a sample configuration?

Post by arab » Fri, 26 Sep 2003 01:52:01

I have been unsuccessful in finding an iptables configuration that
allows my Windows 2000 workstation to establish a VPN connection
through my Linux firewall.

Someone please share his/her working configuration for iptables with
me. I'd appreciate that very much!

My setup is:
  Linux firewall (RedHat 7.2) with iptables, connecting over ADSL
  The Windows workstation is running Cisco's VPN
I have tried many different ways to get this to work, including
allowing udp and ip 50 traffic. However I fail to ever get beyond the
first isakmp handshake. When doing a tcpdump on ppp0 while attempting
a connection, I get nothing more than the following before the VPN
client gives up:
   # tcpdump -n -t -i ppp0
   <fw_outside_IP>.isakmp > <VPN_gw_IP>.isakmp: isakmp: phase 1 I agg: [|sa]
   <fw_outside_IP>.isakmp > <VPN_gw_IP>.isakmp: isakmp: phase 1 I agg: [|sa]
   <fw_outside_IP>.isakmp > <VPN_gw_IP>.isakmp: isakmp: phase 1 I agg: [|sa]
where
   "fw" stands for the Linux firewall, and
   "gw" stands for the gateway on the other end (corporate Cisco
concentrator).

Thanks a lot.
--Ulf
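
The rule set below is an added example, not the poster's configuration and not anything from Cisco or Red Hat. It shows the two flows the post names (ISAKMP on UDP 500 and ESP, IP protocol 50) being forwarded for one masqueraded LAN host, and it includes a small check for the symptom in the capture above: initiator packets leaving ppp0 with no answer. Interface names (ppp0, eth0) and every address (192.168.1.10, 203.0.113.1, 198.51.100.7) are assumed placeholders; the UDP 4500 line is only relevant if the client and concentrator negotiate NAT traversal, which the post does not mention.

```shell
#!/bin/sh
# Added example (not the poster's configuration): a minimal iptables rule
# set for a Linux firewall that masquerades a LAN on ppp0 and forwards one
# internal host's IPsec traffic to a remote gateway, plus a check for the
# "packets out, nothing back" capture described in the post.
# Interface names and all addresses are assumed placeholders.

WAN_IF="${WAN_IF:-ppp0}"                   # external (ADSL) interface, assumed
LAN_IF="${LAN_IF:-eth0}"                   # internal interface, assumed
VPN_CLIENT="${VPN_CLIENT:-192.168.1.10}"   # constructed: the Windows workstation
VPN_GW="${VPN_GW:-203.0.113.1}"            # constructed: the corporate concentrator

# Emit the rules instead of applying them, so they can be reviewed first.
# IKE phase 1 is UDP 500 (isakmp); the tunnel data is ESP, IP protocol 50,
# which carries no port numbers. Reply packets are admitted by the state match.
vpn_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $VPN_CLIENT -d $VPN_GW -p udp --dport 500 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $VPN_CLIENT -d $VPN_GW -p 50 -j ACCEPT
# UDP 4500 is only needed when NAT traversal is negotiated (not mentioned in the post)
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $VPN_CLIENT -d $VPN_GW -p udp --dport 4500 -j ACCEPT
EOF
}

# Apply the rules; needs root and is deliberately not run by default.
apply_vpn_rules() {
    vpn_rules | sh -e
}

# Read "tcpdump -n" text on stdin and report whether the gateway ($1) ever
# answered on the isakmp port. Old tcpdump prints the port as "isakmp";
# newer builds print "500" and prefix each line with "IP ".
isakmp_reply_seen() {
    gw_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*(IP )?${gw_re}\.(isakmp|500) > "; then
        echo reply
    else
        echo no-reply
    fi
}

# Constructed captures mirroring the post: three retransmitted initiator
# packets with nothing back, versus one where the responder answered.
CAPTURE_NO_REPLY='198.51.100.7.isakmp > 203.0.113.1.isakmp: isakmp: phase 1 I agg: [|sa]
198.51.100.7.isakmp > 203.0.113.1.isakmp: isakmp: phase 1 I agg: [|sa]
198.51.100.7.isakmp > 203.0.113.1.isakmp: isakmp: phase 1 I agg: [|sa]'
CAPTURE_WITH_REPLY="$CAPTURE_NO_REPLY
203.0.113.1.isakmp > 198.51.100.7.isakmp: isakmp: phase 1 R agg: [|sa]"

vpn_rules
printf '%s\n' "$CAPTURE_NO_REPLY"   | isakmp_reply_seen 203.0.113.1
printf '%s\n' "$CAPTURE_WITH_REPLY" | isakmp_reply_seen 203.0.113.1
```

Two points worth checking against a capture like the one in the post. First, tcpdump on ppp0 sees inbound packets before they reach the netfilter INPUT or FORWARD chains, so a capture that shows only the initiator's `phase 1 I agg` packets and nothing from the gateway means the replies are not arriving at the firewall at all; no iptables rule on that box can be the thing dropping them. Second, ESP has no port numbers, so masquerading can only pair returning ESP packets with an internal host by source and destination address; one client per remote gateway works, two clients to the same gateway do not.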