It did not work with IPSec Passthrough disabled. I must have tested too quickly after disabling it. I tried again an hour later and I could not connect to the office. I enabled passthrough and I was fine.

Sorry for any confusion.


Chris wrote:

I banged my head on this for a while before I realized our network admin probably had the Cisco PIX VPN config to only work with UDP, not TCP. Our default config is to use UDP, but that didn't work for me on pfsense v.86. After I read the e-mail below I stopped trying to connect over UDP. (Stupid me. I'm a sysadmin, not a netadmin.) While I was typing up the "please help me" e-mail I realized that TCP was not configured at the endpoint in the office, and for giggles I tried UDP. I was amazed at how fast it connected. It worked with IPSec Passthrough disabled and enabled.

This was killing me because pfsense was noticeably faster than my old LinkSys, but VPN had to work so I could connect to my office.


Thanks for a fast and easy firewall!

Chris


stephan schneider wrote:

> I am trying to get a (NATed) connection to an external VPN using
> the cisco vpn client. Unfortunately it just doesn't work -
> no connection. I added the port 500 (isakmp) and allowed ESP to pass
> the firewall. But I think there's more to do to get NAT-Traversal
> to work  :-(

Got the solution.

In the vpn client connection configuration you have to choose
"IPSec over TCP" and of course "Enable Transparent Tunnel".


No custom rules, no "IPSec passthru" (that's a different approach),
no custom nat rules (only the default: nat all lan) are needed.


Thanks Bill!
Have a nice day.
Stefan.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


