[olug] web submission

VincentR vincentr at cox.net
Thu Apr 18 22:28:37 UTC 2002


Put simply, the Cisco VPN clients suck.  I've heard they are better than most,
but it's still crap.
I've worked with it a lot recently and even found a bug which keeps it from
running on recent 2.4 kernels...

Once started, it seems to somehow disable any NAT or forwarding.  I read that
enabling "local lan" and "local nat" on the concentrator should help, but our
Cisco guy isn't sure how to do it (or not willing).  It will also close any
sockets (outside of the secure link) which have been idle for a few minutes.

I've found that I'm better off just tunnelling through ssh.

----- Original Message -----
From: "Brian Roberson" <roberson at olug.org>
To: <olug at olug.org>
Sent: Thursday, April 18, 2002 12:47 PM
Subject: [olug] web submission


This was posted to the website... no idea why it was posted as "NEWS", but I
thought I would post it here instead... if anything, it will go into the mail
archive ;-)



IPtables using NAT VPN CLIENT TROUBLE

Currently I am trying to run a Cisco VPN client connection to a client through
the IPtables firewall. I can connect, but when I try to connect another
workstation while I am connected, it either disconnects or just hangs. Basically I
can only connect one workstation at a time to a customer's VPN going through our
NAT'd IPtables firewall. I think I need to do a one-to-one NAT but I am not sure
which protocols and ports and the exact syntax needed.

Example IP Setup
Customer's VPN Server: 222.xxx.xxx.xxx
Firewall Public IP: 65.xxx.xxx.xxx
Internal Firewall IP: 10.37.5.1/16
Internal network workstation: 10.37.11.x/16

Please help, is it possible?


