Date: Thu, 16 Oct 2003 16:13:19 -0600 From: Brett Glass <brett@lariat.org> To: net@freebsd.org Subject: Connecting to Cisco VPN concentrator Message-ID: <6.0.0.22.2.20031016160155.038eca38@localhost>
next in thread | raw e-mail | index | archive | help
Here's an interesting problem that I'm not sure how to solve. A user, whose machine runs Windows, connects to his ISP via PPTP (he can also use PPPoE, but there's no change in what happens). Once on the Internet, he wants to use the Cisco VPN client software to tunnel into a LAN at the office. Trouble is, as soon as the Cisco VPN client fires up on his Windows machine, it blocks the PPTP or PPPoE connection. In short, it strangles itself by cutting off the link over which it must connect. With the machine no longer able to reach the Internet, the VPN connection can't work, and everything falls apart. Cisco's literature hints that the Cisco VPN client contains a built-in firewall which downloads rules from the Cisco VPN router (which Cisco calls a "concentrator") as it connects. But I've explored the configuration of the concentrator, and the rules appear to allow pretty much everything through, including GRE and PPTP. I've also tried to see if the user can connect to the VPN concentrator using the built-in VPN software in Windows rather than the special Cisco VPN client software. So far, the answer is "Yes, but not in a way that's useful." I can only connect to the VPN concentrator via PPTP when encryption is turned off, thus defeating the purpose of having a VPN in the first place. When I tell the Windows system to require encryption, the connection fails. Does anyone have experience with connecting to Cisco VPN concentrators -- using either Cisco's VPN client software for Windows or a the PPTP or L2TP client software built into Windows? --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031016160155.038eca38>