Date:      Wed, 17 Feb 2010 15:17:58 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Bill Tillman <btillman99@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD to Cisco ASA 5505 VPN Connection
Message-ID:  <F94B1CD5-AF3B-489C-9478-39472E0BCFD0@mac.com>
In-Reply-To: <423500.61895.qm@web36502.mail.mud.yahoo.com>
References:  <423500.61895.qm@web36502.mail.mud.yahoo.com>

Hi--

On Feb 17, 2010, at 3:06 PM, Bill Tillman wrote:
> The tech told me that I need to forward ports 500 and 4500 with my FreeBSD router to the small VPN router inside my LAN. That's simple enough, but then he tells me I need to redirect all EPS and all AH traffic as well. I guess this is where FreeBSD+NATD+IPFW hits the wall when working with Cisco, or is it? I gotta believe this can work but I don't know how the heck to do it, and the tech at our IT consultant is totally lost when it comes to anything besides Cisco equipment.
> Has anyone got a suggestion on how to do a port redirect with natd to pick up these EPS and AH packets? I added some new lines to my /etc/natd.conf file and the AH part seemed ok, but the console screen immediately said what the heck is EPS. And worse, it did not work. Only when I put the VPN router outside of my existing router does this setup work. I really want to keep this thing inside my LAN, or even better would be how do I get my existing router to work as a VPN on its own?

When I was dealing with the Cisco VPN client, I was doing so with IPFW+natd and you need 500/udp, 4500/udp, 62515/udp, 1723/tcp, 10000/tcp, and the GRE protocol.  In my case, /etc/natd.conf contained:

punch_fw 10000:100
redirect_proto gre 10.1.1.247
redirect_port udp 10.1.1.247:500 500
redirect_port udp 10.1.1.247:4500 4500
redirect_port udp 10.1.1.247:62515 62515
redirect_port tcp 10.1.1.247:10000 10000
redirect_port tcp 10.1.1.247:pptp pptp

...to send the traffic to a VPN endpoint located at IP 10.1.1.247.

Regards,
-- 
-Chuck
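As an added example, not code from Chuck's reply or from the FreeBSD project, the following Python script parses a natd.conf written in the redirect_port/redirect_proto syntax shown above and reports which of the entries an IPsec endpoint behind NAT needs (IKE on 500/udp, NAT-T on 4500/udp, and the raw ESP and AH protocols) are missing for a given inside address. The sample configuration, the small service-name table and the function names are constructed for this example; 10.1.1.247 is reused from the reply only as an illustrative address.

```python
"""Check a natd.conf for the redirects an IPsec endpoint behind NAT needs.

Added example; not code from the original mailing-list thread. The sample
configuration is constructed, and the endpoint address 10.1.1.247 is reused
from the thread purely as an illustrative value.
"""
import re

# Constructed sample natd.conf in natd(8) syntax. The ESP redirect is
# deliberately missing so the check below has something to report.
SAMPLE_NATD_CONF = """\
punch_fw 10000:100
redirect_port udp 10.1.1.247:isakmp 500      # IKE
redirect_port udp 10.1.1.247:4500 4500       # IKE/ESP over UDP (NAT-T)
redirect_proto ah 10.1.1.247                 # AH, IP protocol 51
redirect_port tcp 10.1.1.200:pptp pptp       # unrelated host, must be ignored
"""

# What a single IPsec endpoint needs the NAT box to hand it: IKE (500/udp),
# NAT-T (4500/udp), and raw ESP/AH for peers that do not negotiate NAT-T.
REQUIRED = {
    ("port", "udp", 500),
    ("port", "udp", 4500),
    ("proto", "esp"),
    ("proto", "ah"),
}

# natd resolves service names through services(5); a fixed table keeps this
# example independent of the host's /etc/services (constructed subset).
SERVICE_PORTS = {"isakmp": 500, "ipsec-nat-t": 4500, "pptp": 1723}

PORT_RULE = re.compile(r"^redirect_port\s+(tcp|udp)\s+(\S+):(\S+)\s+(\S+)")
PROTO_RULE = re.compile(r"^redirect_proto\s+(\S+)\s+(\S+)")


def to_port(token):
    """Turn a natd port token (number or service name) into an int."""
    token = token.lower()
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    return int(token)


def parse_natd_conf(text):
    """Return the set of redirect rules found in a natd.conf body.

    Port rules become ("port", l4proto, local_ip, local_port, public_port);
    protocol rules become ("proto", ipproto, local_ip). Comments and options
    other than the two redirect forms are ignored.
    """
    rules = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PORT_RULE.match(line)
        if m:
            l4, local_ip, local_port, public_port = m.groups()
            rules.add(("port", l4, local_ip, to_port(local_port), to_port(public_port)))
            continue
        m = PROTO_RULE.match(line)
        if m:
            ipproto, local_ip = m.groups()
            rules.add(("proto", ipproto.lower(), local_ip))
    return rules


def missing_for_endpoint(text, endpoint):
    """List the REQUIRED entries that are not redirected to `endpoint`."""
    covered = set()
    for rule in parse_natd_conf(text):
        if rule[0] == "port" and rule[2] == endpoint:
            covered.add(("port", rule[1], rule[4]))   # keyed on the public port
        elif rule[0] == "proto" and rule[2] == endpoint:
            covered.add(("proto", rule[1]))
    return sorted(REQUIRED - covered, key=str)


def required_natd_lines(endpoint):
    """The natd.conf lines that satisfy REQUIRED for one inside endpoint."""
    return [
        f"redirect_port udp {endpoint}:500 500",
        f"redirect_port udp {endpoint}:4500 4500",
        f"redirect_proto esp {endpoint}",
        f"redirect_proto ah {endpoint}",
    ]


if __name__ == "__main__":
    gaps = missing_for_endpoint(SAMPLE_NATD_CONF, "10.1.1.247")
    print("missing for 10.1.1.247:", gaps or "nothing")
    print("\n".join(required_natd_lines("10.1.1.247")))
```

Because ESP and AH carry no port numbers, redirect_proto can hand each of them to only one inside host per public address, which is why a VPN device placed outside the NAT needs no such mapping at all. When both peers negotiate NAT-T, the ESP payload travels inside 4500/udp and the two udp redirects carry the whole tunnel; the esp and ah lines are what matters for peers that do not.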