Connecting to Cisco VPN concentrator
Brett Glass
brett at lariat.org
Thu Oct 16 15:13:24 PDT 2003
Here's an interesting problem that I'm not sure how to solve. A user,
whose machine runs Windows, connects to his ISP via PPTP (he can also use
PPPoE, but there's no change in what happens). Once on the Internet, he
wants to use the Cisco VPN client software to tunnel into a LAN at the office.

Trouble is, as soon as the Cisco VPN client fires up on his Windows
machine, it blocks the PPTP or PPPoE connection. In short, it strangles
itself by cutting off the link over which it must connect. With the
machine no longer able to reach the Internet, the VPN connection can't
work, and everything falls apart.

Cisco's literature hints that the Cisco VPN client contains a built-in
firewall which downloads rules from the Cisco VPN router (which Cisco
calls a "concentrator") as it connects. But I've explored the
configuration of the concentrator, and the rules appear to allow pretty
much everything through, including GRE and PPTP.

I've also tried to see if the user can connect to the VPN concentrator
using the built-in VPN software in Windows rather than the special Cisco
VPN client software. So far, the answer is "Yes, but not in a way that's
useful." I can only connect to the VPN concentrator via PPTP when
encryption is turned off, thus defeating the purpose of having a VPN in
the first place. When I tell the Windows system to require encryption,
the connection fails.

Does anyone have experience with connecting to Cisco VPN concentrators --
using either Cisco's VPN client software for Windows or the PPTP or
L2TP client software built into Windows?

--Brett
More information about the freebsd-net mailing list