IPSEC uses GRE, but also traverses UDP. Cisco VPN clients do use UDP; they use GRE to do the establishment sometimes as well. The Cisco VPN client is a pain, regardless, but there is an option for TCP connectivity.

Dennis

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank
Sent: Monday, January 15, 2007 5:05 PM
To: 'WISPA General List'
Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway

A "Standard" IPsec VPN will use GRE, protocol 47:
http://www.iana.org/assignments/protocol-numbers

It's not UDP.

It appears that CenterBeam VPN uses Cisco gear:
http://newsroom.cisco.com/dlls/prod_121201.html

If this is the case, then they should be able to encapsulate this into UDP or IP and this should allow the client inside your network to connect. You may need to verify that your iptables rules are allowing "any" UDP traffic.

The Cisco PIX firewalls and their VPN hardware support this type of encapsulation expressly for the purpose of passing through NAT gateways.

If the VPN client is not configured for UDP or TCP then there is likely nothing you can do since GRE and NAT are not always friendly to each other.

Verify that the Cisco Software VPN client on your customer's PC is set to encapsulate (tunnel) within UDP.

You may need some diagnostic tools like a sniffer (ethereal.com) or use tcpdump within your Linux firewall. Also, logging dropped packets in your iptables firewall may also be of assistance.

Thank you

Frank Keeney
Pasadena Networks, LLC
Antennas, Cables and Equipment: http://www.wlanparts.com

> -----Original Message-----
> From: rabbtux rabbtux
>
> Anyone have suggestions on what I need to do to allow my customer to
> do this type of VPN. I currently have customers behind my
> linux/iptables firewall that masquerades them out a single IP. This
> is the first customer who is having problems. Do I need a special
> rule to accommodate them??
>
> The customer is using CenterBeam VPN services, and they tell him that,
> "your isp is blocking VPN pass thru". I'm not blocking anything.
> help!
>
> Thank you kindly,
> marshall

--
WISPA Wireless List: firstname.lastname@example.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
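
The sniffer step suggested in the thread, as an added example that is not part of the original messages: it classifies raw IPv4 packets by IP protocol number so you can see whether the client is sending portless traffic (GRE 47, ESP 50) or UDP-encapsulated traffic. The function names, addresses and sample packets are constructed for illustration; UDP 500 and 4500 are the standard IKE and NAT-T ports, which the thread does not list, and the input is assumed to be IPv4 packets with the link-layer header already stripped.

```python
import struct

# IANA protocol numbers (the registry linked in the thread).
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}
# Standard UDP ports for IPsec key exchange and NAT traversal.
IPSEC_UDP_PORTS = {500: "IKE", 4500: "IPsec NAT-T (ESP in UDP)"}

def classify(packet: bytes) -> str:
    """Return a short label for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed IPv4 header"
    proto = packet[9]
    name = IP_PROTOCOLS.get(proto, f"protocol {proto}")
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return f"{name} fragment"             # no transport header here
    if proto not in (6, 17):
        return f"{name} (no port numbers)"
    if len(packet) < ihl + 4:
        return f"{name} (truncated)"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto == 17:
        for port in (dport, sport):
            if port in IPSEC_UDP_PORTS:
                return f"UDP/{port} {IPSEC_UDP_PORTS[port]}"
    return f"{name}/{dport}"

def build(proto, src, dst, payload=b"", frag=0):
    """Build a constructed IPv4 packet (checksum left zero) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag,
                      64, proto, 0, bytes(src), bytes(dst))
    return hdr + payload

CLIENT, GATEWAY = (10, 0, 0, 5), (192, 0, 2, 1)   # constructed addresses
SAMPLES = [                                       # constructed packets
    build(17, CLIENT, GATEWAY, struct.pack("!HHHH", 500, 500, 8, 0)),
    build(17, CLIENT, GATEWAY, struct.pack("!HHHH", 4500, 4500, 8, 0)),
    build(50, CLIENT, GATEWAY, b"\x00" * 8),
    build(47, CLIENT, GATEWAY, b"\x00" * 4),
]

def summarize(packets):
    counts = {}
    for p in packets:
        counts[classify(p)] = counts.get(classify(p), 0) + 1
    return counts

if __name__ == "__main__":
    for label, n in summarize(SAMPLES).items():
        print(n, label)
```

Run against packets captured on both the inside and outside interfaces of the firewall, a label that appears inside but not outside points at the rule or NAT step that is dropping it.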