Hi,
I have a bit of a problem getting my Cisco VPN client to work behind my newly installed Filanet Interjak 200. The weird thing is that everything worked without any problems at all behind my previous Linux firewall, without any port forwarding or anything. Now, when I try to connect, the application gives me "Remote peer no longer responding."
I think the problem relates to the fact that the Interjak has a built-in IPSec feature that makes it able to connect the entire network to a VPN server, but I'm not using that feature.
I've tried a variety of different approaches to solve this, everything from port forwarding the ports (UDP ports 500 and 10000) to allowing ESP and AH traffic between the hosts.
Anyone got any experience dealing with Interjaks or Cisco VPN clients behind routers?
Make sure you have VPN password/IPSec passthrough enabled beyond the firewall. It may have it blocking that, or disable or enable it, whichever it is. It could be the firewall doesn't want another VPN running through it.
I think it is the latter... Since it has a built-in IPSec client, I guess the makers of it don't want IPSec traffic through it. I've tried to disable and enable all features related to this without any success.
Any Interjak owners out there who know how to solve this?
Google tells me this for the Cisco VPN client: "If you are running a firewall, you must allow TCP port 50, UDP ports 500 and 10000, and protocol types (not ports) 50 and 51"
I think the newer Linux kernels don't natively allow VPN passthrough. I had that problem with my ClarkConnect box and they said it was because of the new kernel. I had to forward ports to make the Windows VPN work (ClarkConnect had a VPN forward option, doesn't show the ports).
Stranger - did you resolve this? I have the same problem with my Interjak 200 FW, but with an added level of complexity. The only way that I can modify my FW is to telnet through the command line. The web GUI tells me that it does not support the version of Java that I am running... and believe me, I have tried many versions with no success.
Ordinarily it's not a problem to use the CLI, but I cannot find the commands necessary to open/close the FW ports to allow/deny IPSec traffic from my Cisco client.
Any assistance you could provide on this would be awesome!
It seems that thing is running more of a standard Linux. Couldn't find what distro it is based off of, but I'm sure it is using something standard for the firewall. Lots of appliances base themselves off Red Hat, so I'd start there for command lists.
OK, fixed the ability to log in to the FW through the web interface. That makes things a bit easier; however, I changed the ports, adding 50, 51, 500, and 10000 for IPSec, with no luck. When I disable the FW I can get through with no problems with my Cisco VPN client running on my laptop, so there is definitely something missing with respect to the proper ports being open on the FW.
I feel I'm getting closer and will post again soon hopefully with a resolution on this.
Using the InterJak firewall logging mechanism is usually an effective way to pinpoint these types of connection problems. The log entries will contain both protocol type and port numbers of dropped/rejected packets.
You will probably have to create one or more firewall services, and then add the appropriate firewall rules to accept these services. The important thing is to make the service specifications as narrow as possible.
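As an added illustration of the two steps in that last post (read the dropped-packet log, then write narrow rules), here is a small Python helper I wrote for this thread; it is not Filanet code and the log line layout it parses is an assumed, constructed one, so `LINE_RE` will need adjusting to the real InterJak format. It maps each dropped packet to the four things the Cisco client needs (IKE UDP/500, IPSec-over-UDP 10000, ESP protocol 50, AH protocol 51) and emits one accept rule per observed host pair.

```python
"""Match dropped-packet firewall log lines against the IPSec traffic a Cisco
VPN client needs, and turn each hit into a narrow per-host accept rule."""
import re

# What the thread says must pass: keyed by (protocol, destination port).
# ESP and AH are whole IP protocols with no ports, hence port None.
IPSEC_NEEDS = {
    ("udp", 500):   "IKE (UDP 500)",
    ("udp", 10000): "IPSec over UDP (UDP 10000)",
    ("50", None):   "ESP (IP protocol 50)",
    ("51", None):   "AH (IP protocol 51)",
}

# ASSUMED generic log layout, not the InterJak's real one:
#   "<time> DROP proto=<udp|tcp|50|51> src=<ip>[:<port>] dst=<ip>[:<port>]"
LINE_RE = re.compile(r"\b(DROP|REJECT)\s+proto=(\S+)\s+src=(\S+)\s+dst=(\S+)")

def _split_endpoint(ep):
    """'10.0.0.5:500' -> ('10.0.0.5', 500); '10.0.0.5' -> ('10.0.0.5', None)."""
    ip, sep, port = ep.rpartition(":")
    return (ip, int(port)) if sep else (ep, None)

def parse_line(line):
    """Return a dict for a dropped/rejected packet line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    action, proto, src, dst = m.groups()
    src_ip, sport = _split_endpoint(src)
    dst_ip, dport = _split_endpoint(dst)
    return {"action": action, "proto": proto.lower(),
            "src_ip": src_ip, "sport": sport, "dst_ip": dst_ip, "dport": dport}

def ipsec_drops(log_text):
    """Return {service name: set of (src_ip, dst_ip)} for drops the VPN client needs."""
    found = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # ESP/AH carry no port, so they match on protocol number alone.
        key = (rec["proto"], None if rec["proto"] in ("50", "51") else rec["dport"])
        name = IPSEC_NEEDS.get(key)
        if name:
            found.setdefault(name, set()).add((rec["src_ip"], rec["dst_ip"]))
    return found

def suggest_rules(log_text):
    """One accept rule per service and host pair actually seen: as narrow as possible."""
    return [f"ACCEPT {name} from {src} to {dst}"
            for name, pairs in sorted(ipsec_drops(log_text).items())
            for src, dst in sorted(pairs)]

# Constructed sample log: a client at 192.168.1.20 talking to a VPN concentrator
# at 203.0.113.10, plus unrelated web traffic and an accepted DNS query.
LOG_SAMPLE = """\
12:00:01 DROP proto=udp src=192.168.1.20:500 dst=203.0.113.10:500
12:00:01 DROP proto=udp src=192.168.1.20:10000 dst=203.0.113.10:10000
12:00:02 DROP proto=50 src=203.0.113.10 dst=192.168.1.20
12:00:03 DROP proto=tcp src=192.168.1.20:51234 dst=198.51.100.7:80
12:00:04 ACCEPT proto=udp src=192.168.1.20:53 dst=192.168.1.1:53
"""

if __name__ == "__main__":
    for rule in suggest_rules(LOG_SAMPLE):
        print(rule)
```

Anything the log shows as dropped but not in `IPSEC_NEEDS` (the port 80 line above) is ignored on purpose, so the suggested rules never widen beyond what the VPN client actually uses.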