I seem to remember specifically allowing this UDP years ago when I used iptables, ipfwadm and ipchains.
Once these rules were in place, the Cisco VPN (encapsulated inside UDP) worked fine.

Frank

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Burgess - 2K Wireless
> Sent: Monday, January 15, 2007 4:36 PM
> To: 'WISPA General List'
> Subject: RE: [WISPA] IPsec/UDP and my border NAT gateway
>
> In case someone didn't say, if they are using CISCO IPSEC, etc., what happens is this.
>
> 1. Client requests via TCP to start a VPN session
> 2. Server sends back UDP packets to start the session
> 3. NAT/MASQ blocks these un-authed UDP packets.
>
> The two answers are:
>
> 1. Tell the customer to change their CISCO VPN client to TCP, works just as good.
> 2. Have the customer pay for a business account and a static IP.
>
> Those are my options for these customers, I have a number of them.
>
> Denni
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of rabbtux rabbtux
> Sent: Monday, January 15, 2007 1:45 PM
> To: WISPA General List
> Subject: [WISPA] IPsec/UDP and my border NAT gateway
>
> Anyone have suggestions on what I need to do to allow my customer to
> do this type of VPN. I currently have customers behind my
> linux/iptables firewall that masquerades them out a single IP. This
> is the first customer who is having problems. Do I need a special
> rule to accommodate them??
>
> The customer is using CenterBeam VPN services, and they tell him that,
> "your isp is blocking VPN pass thru". I'm not blocking anything.
> help!
>
> Thank you kindly,
> marshall
> --
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
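
The three steps in Dennis's quoted reply, modeled as a toy stateful masquerading NAT: a flow is forwarded inbound only when its protocol, remote address and ports match an entry created by earlier outbound traffic. This is an added example, not code from the thread; the class, addresses and ports are constructed for illustration.

```python
"""Toy model of a stateful masquerading NAT (constructed example)."""

PUBLIC_IP = "203.0.113.1"  # constructed: documentation address range


class MasqueradeNat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.table = {}
        self.next_port = 40000

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host sends a packet: reuse or create a mapping, return the rewritten source."""
        for key, inside in self.table.items():
            if (inside == (src_ip, src_port) and key[0] == proto
                    and key[2:] == (dst_ip, dst_port)):
                return (self.public_ip, key[1])
        port = self.next_port
        self.next_port += 1
        self.table[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arrives at the public IP: return the inside target, or None if dropped."""
        return self.table.get((proto, dst_port, src_ip, src_port))


def scenario():
    nat = MasqueradeNat(PUBLIC_IP)
    client, server = "192.168.1.20", "198.51.100.7"  # constructed addresses
    results = {}
    # Step 1: the client opens a TCP session to the VPN server (port constructed).
    _, tcp_port = nat.outbound("tcp", client, 51000, server, 443)
    results["tcp_reply"] = nat.inbound("tcp", server, 443, tcp_port)
    # Steps 2-3: the server sends UDP the client never initiated; no entry matches.
    results["unsolicited_udp"] = nat.inbound("udp", server, 10000, tcp_port)
    # When the client sends UDP first, the server's UDP reply matches a tracked flow.
    _, udp_port = nat.outbound("udp", client, 52000, server, 10000)
    results["udp_reply"] = nat.inbound("udp", server, 10000, udp_port)
    # The mapping is tied to the remote endpoint: another host cannot use it.
    results["other_host_udp"] = nat.inbound("udp", "198.51.100.99", 10000, udp_port)
    return results


if __name__ == "__main__":
    for name, target in scenario().items():
        print(f"{name:16} -> {target if target else 'DROPPED'}")
```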