How to enable IPsec over firewall?
Hi List,

I need to have access to an external Cisco VPN 5000 system from a Windows box through a SuSE Linux masquerading router (NAT to German T-DSL); the SuSE Linux is 6.4 with a 2.2er kernel. In case someone knows about the 8er 2.4 kernel-firewall2-config, please answer as well; we might be able to update this.

As far as I understand, IP port 50 and UDP 500 play a special role - but aren't all ports masqueraded by default? I mean, I can use HTTP, FTP (passive), HTTPS, peer-to-peer networking; do I have to add extra rules for 500 or 50? How do I do that? Do I need to apply a kernel patch?

Thanks in advance,
Jochen

On Mon, 2002-09-16 at 21:23, Jochen Staerk wrote:
> Hi List, I need to have access to an external Cisco VPN 5000 system from a Windows box through a SuSE Linux masquerading router (NAT to German T-DSL); the SuSE Linux is 6.4 with a 2.2er kernel.

[...anything that doesn't matter here...]

It will not work! The problem is, IP protocol 50 (ESP) will not be NATed correctly. There is only the possibility to use encapsulated ESP (ESP over UDP). For Windows there is AFAIK only the F-Secure VPN Version 5.40 that supports ESPoUDP only! against a F-Secure Gateway.

FreeS/WAN has NAT-Traversal in a patch, I think...

regards, good luck,
Erik
--
we strongly urge you, to use encryption http://gnupg.org
"If you think cryptography will solve the problem, then you don't understand cryptography and you don't understand your problem."
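
An added illustration, not part of the original thread or any poster's code, of the point made in the reply above: protocol 50 carries no ports for a masquerading router to rewrite, while ESP wrapped in UDP does. It is a simplified model of a port-rewriting NAT run over constructed packets; the addresses, the external port range and UDP port 4500 (from RFC 3948, which postdates this thread) are assumptions.

```python
import struct

TCP, UDP, ESP = 6, 17, 50
NATT_PORT = 4500   # assumption: UDP port from RFC 3948, not named in the thread
GW, PUBLIC = "203.0.113.5", "198.51.100.1"   # constructed documentation addresses

def ipv4(src, dst, proto, payload):
    """Constructed sample: 20-byte IPv4 header (checksum left at 0) + payload."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def esp(spi, seq):
    # ESP header is SPI + sequence number; zero bytes stand in for ciphertext.
    return struct.pack("!II", spi, seq) + b"\x00" * 16

def flow_key(packet):
    """Fields a NAT can read: ports exist for TCP/UDP, not for protocol 50."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    if proto in (TCP, UDP):
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return (proto, src, dst, sport, dport)
    return (proto, src, dst, None, None)

def masquerade(packets):
    """Simplified model: reply key on the public side -> inside hosts it maps to."""
    table, ports = {}, {}
    for pkt in packets:
        proto, src, dst, sport, dport = flow_key(pkt)
        if sport is None:
            reply_key = (proto, dst, PUBLIC)            # no port to rewrite
        else:
            ext = ports.setdefault((src, sport, dst, dport), 61000 + len(ports))
            reply_key = (proto, dst, PUBLIC, dport, ext)
        table.setdefault(reply_key, set()).add(src)
    return table

def ambiguous(table):
    """Reply keys that cannot be steered back to a single inside host."""
    return [key for key, hosts in table.items() if len(hosts) > 1]

NATIVE = [ipv4(f"192.168.1.{h}", GW, ESP, esp(0x1000 + h, 1)) for h in (10, 11)]
ENCAP = [ipv4(f"192.168.1.{h}", GW, UDP, udp(NATT_PORT, NATT_PORT, esp(0x1000 + h, 1)))
         for h in (10, 11)]

if __name__ == "__main__":
    print("native ESP :", ambiguous(masquerade(NATIVE)))
    print("ESP in UDP :", ambiguous(masquerade(ENCAP)))
```

With two inside hosts talking to the same gateway, the native ESP replies share one key, while the UDP-encapsulated flows each get their own external port.
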
> > Hi List, I need to have access to an external Cisco VPN 5000 system from a Windows box through a SuSE Linux masquerading router (NAT to German T-DSL); the SuSE Linux is 6.4 with a 2.2er kernel.
>
> The problem is, IP protocol 50 (ESP) will not be NATed correctly. There is only the possibility to use encapsulated ESP (ESP over UDP). For Windows there is AFAIK only the F-Secure VPN Version 5.40 that supports ESPoUDP only! against a F-Secure Gateway.
>
> FreeS/WAN has NAT-Traversal in a patch, I think...

Could you tell me if that patch would be of any use if the protocol cannot be NATed correctly? And if ESPoUDP is used, how would it work then? Any problems with hardware routers?

> regards, good luck,

thanks
Jochen

On Mon, 16 Sep 2002 21:23:38 +0200, Jochen Staerk wrote:
> I need to have access to an external Cisco VPN 5000 system from a Windows box through a SuSE Linux masquerading router (NAT to German T-DSL); the SuSE Linux is 6.4 with a 2.2er kernel.

While I have never tried this with a _SuSE_ router, experience shows that

W2K client -> Linux NAT router -> IPSec server
192.168.x.x

participants (3): jader35@t-online.de, Jochen Staerk, Stefan Hoffmeister