Date: Wed, 17 Feb 2010 17:32:05 -0600
From: "Gary Gatten" <Ggatten@waddell.com>
To: <cswiger@mac.com>, <btillman99@yahoo.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD to Cisco ASA 5505 VPN Connection
Message-ID: <15453_1266449569_4B7C7CA1_15453_1931_1_70C0964126D66F458E688618E1CD008A08CCF5A8@WADPEXV0.waddell.com>
It's ESP, not EPS. And NAT traversal / UDP encapsulation is likely needed, that's the 4500 and 10000 ports.

----- Original Message -----
From: owner-freebsd-questions@freebsd.org <owner-freebsd-questions@freebsd.org>
To: Bill Tillman <btillman99@yahoo.com>
Cc: freebsd-questions@freebsd.org <freebsd-questions@freebsd.org>
Sent: Wed Feb 17 17:17:58 2010
Subject: Re: FreeBSD to Cisco ASA 5505 VPN Connection

Hi--

On Feb 17, 2010, at 3:06 PM, Bill Tillman wrote:
> The tech told me that I need to forward ports 500 and 4500 with my FreeBSD router to the small VPN router inside my LAN. That's simple enough but then he tells me I need to redirect all EPS and all AH traffic as well. I guess this is where FreeBSD+NATD+IPFW hits the wall when working with Cisco or is it? I gotta believe this can work but I don't know how the heck to do it and the tech at our IT consultant is totally lost when it comes to anything besides Cisco equipment.
>
> Has anyone got a suggestion on how to do a port redirect with natd to pick up these EPS and AH packets. I added some new lines to my /etc/natd.conf file and the AH part seemed ok but the console screen immediately said what the heck is EPS. And worse it did not work. Only when I put the VPN router outside of my existing router does this setup work. I really want to keep this thing inside my LAN or even better would be how do I get my existing router to work as a VPN on its own?

When I was dealing with the Cisco VPN client, I was doing so with IPFW+natd and you need 500/udp, 4500/udp, 62515/udp, 1723/tcp, 10000/tcp, and the GRE protocol. In my case, /etc/natd.conf contained:

    punch_fw 10000:100
    redirect_proto gre 10.1.1.247
    redirect_port udp 10.1.1.247:500 500
    redirect_port udp 10.1.1.247:4500 4500
    redirect_port udp 10.1.1.247:62515 62515
    redirect_port tcp 10.1.1.247:10000 10000
    redirect_port tcp 10.1.1.247:pptp pptp

...to send the traffic to a VPN endpoint located at IP 10.1.1.247.
Regards,
--
-Chuck
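An added example, not part of this thread or of natd itself: a small validator for natd.conf redirect rules that catches the two problems discussed above. ESP (IP protocol 50) and AH (51) carry no port numbers, so they can only go through redirect_proto, never redirect_port, and a misspelled protocol name such as "EPS" is rejected outright. The checker also reports which of the IPsec pass-through pieces (IKE on udp/500, NAT-T on udp/4500, raw ESP and AH) a config still lacks. The protocol and service tables are constructed subsets standing in for /etc/protocols and /etc/services; the sample config combines Chuck's rules with the ESP/AH lines Bill's tech asked for, plus the two mistakes.

```python
"""Validate natd(8) redirect rules like the ones quoted in this thread.

Constructed example: parses redirect_proto / redirect_port / punch_fw lines,
rejects the "EPS" typo and any attempt to port-redirect ESP or AH, and lists
which IPsec pass-through redirects (IKE, NAT-T, ESP, AH) are still missing.
"""
import difflib
import ipaddress

# Constructed subset of /etc/protocols as natd resolves protocol names.
IP_PROTOCOLS = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ah": 51}
PORTED = {"tcp", "udp"}          # only these carry ports, so only these fit redirect_port
# Constructed subset of /etc/services for symbolic port names.
SERVICES = {"isakmp": 500, "ipsec-nat-t": 4500, "pptp": 1723}


def _port(token):
    """Resolve a numeric port or a service name to an integer port."""
    if token.isdigit() and 0 < int(token) < 65536:
        return int(token)
    if token in SERVICES:
        return SERVICES[token]
    raise ValueError(f"unknown port or service {token!r}")


def _proto(token):
    """Resolve a protocol name; suggest a near match for typos such as 'eps'."""
    name = token.lower()
    if name in IP_PROTOCOLS:
        return name
    hint = difflib.get_close_matches(name, IP_PROTOCOLS, n=1)
    extra = f" (did you mean {hint[0]!r}?)" if hint else ""
    raise ValueError(f"unknown protocol {token!r}{extra}")


def parse_rule(line):
    """Parse one natd.conf line into a dict; None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    keyword = fields[0]
    if keyword == "punch_fw" and len(fields) == 2:
        base, count = fields[1].split(":")
        return {"kind": "punch_fw", "base": int(base), "count": int(count)}
    if keyword == "redirect_proto":
        if len(fields) < 3:
            raise ValueError("redirect_proto needs: proto localIP [publicIP [remoteIP]]")
        proto = _proto(fields[1])
        if proto in PORTED:
            raise ValueError(f"{proto} carries ports; use redirect_port instead")
        return {"kind": "proto", "proto": proto,
                "target": str(ipaddress.ip_address(fields[2]))}
    if keyword == "redirect_port":
        if len(fields) < 4:
            raise ValueError("redirect_port needs: proto targetIP:targetPort aliasPort")
        proto = _proto(fields[1])
        if proto not in PORTED:
            raise ValueError(f"{proto} has no ports; use 'redirect_proto {proto} <ip>'")
        host, _, tport = fields[2].rpartition(":")
        aport = fields[3].rpartition(":")[2]      # tolerate an optional aliasIP: prefix
        return {"kind": "port", "proto": proto,
                "target": str(ipaddress.ip_address(host)),
                "target_port": _port(tport), "alias_port": _port(aport)}
    raise ValueError(f"unsupported line {line!r}")


def check_config(text):
    """Return (rules, errors): parsed rules and 'line N: message' strings."""
    rules, errors = [], []
    for num, line in enumerate(text.splitlines(), 1):
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            errors.append(f"line {num}: {exc}")
        else:
            if rule:
                rules.append(rule)
    return rules, errors


def missing_ipsec_redirects(rules):
    """List the IPsec pass-through redirects a rule set still lacks."""
    have = set()
    for r in rules:
        if r["kind"] == "port":
            have.add((r["proto"], r["alias_port"]))
        elif r["kind"] == "proto":
            have.add(r["proto"])
    wanted = {("udp", 500): "udp/500 (IKE)", ("udp", 4500): "udp/4500 (NAT-T)",
              "esp": "proto esp", "ah": "proto ah"}
    return sorted(label for key, label in wanted.items() if key not in have)


# Constructed sample: Chuck's rules, the AH redirect the ASA tech asked for,
# and the two mistakes from the thread (the "eps" typo, ESP as a port redirect).
SAMPLE_CONF = """\
# Chuck's rules for a VPN endpoint at 10.1.1.247
punch_fw 10000:100
redirect_proto gre 10.1.1.247
redirect_port udp 10.1.1.247:500 500
redirect_port udp 10.1.1.247:4500 4500
redirect_port tcp 10.1.1.247:pptp pptp
# ESP and AH have no ports, so they go through redirect_proto
redirect_proto ah 10.1.1.247
# Both of the following are rejected
redirect_proto eps 10.1.1.247
redirect_port esp 10.1.1.247:50 50
"""

if __name__ == "__main__":
    parsed, problems = check_config(SAMPLE_CONF)
    for problem in problems:
        print("error:", problem)
    print("still missing:", missing_ipsec_redirects(parsed))
```

Running it reports the typo on line 10, the misuse of redirect_port for ESP on line 11, and that the only pass-through piece still absent is a redirect_proto esp line. Note that with NAT traversal negotiated, ESP rides inside udp/4500, which is why Chuck's client-side rules worked without a raw ESP redirect; a peer that does not negotiate NAT-T needs the protocol redirect.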
