Cisco vpn client

I can't connect with the Cisco client, even if I use transport over a TCP port, for example 443. Is there any special port to set up in my modem router firewall?
What ports need to be opened?

Thanks


This thread was automatically locked due to age.
  • If you're not using publicly routable addresses internally, then you need to use masquerading for each of your internal networks, and also for VPN clients if you want them to be able to use the internet.

    In Astaro, Masq is set up in Network Security - NAT.

    Barry
  • Sorry, gnomme, I was just busy, not trying to be curt.  "Masquerading" just means that outbound packets each appear to come from the public IP of the interface, and that the router keeps track of which response goes to which internal IP address.  You'll also hear this referred to as "NATting."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • OK, no problem.

    Now I still have one problem. When connected to the Cisco VPN, I am able to ping any IP of my internal network, but none of the external ones, including HTTP traffic etc.
  • As BarryG said above (my bolding):
    you need to use masquerading for each of your internal networks, and also for VPN clients
     
  • I tried that but still no HTTP.

    See the print please.
  • Also, have you added the VPN network to the HTTP Proxy?
     
  • I have no proxy...no need for that
  • Do you have a packet filter rule like the following?

    'VPN Pool (Cisco) -> HTTP -> Any : Allow'

     
  • Yep...
    With the SSL VPN on my computer it works fine...
  • So, it's working with the SSL VPN client, but not the Cisco client?

    PS And you have automatic packet filter rules enabled for 'Any' in the Cisco setup?
     
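The three checks suggested in this thread (masquerading for the VPN pool, a packet filter rule for the pool, and the HTTP Proxy's allowed networks), written out as an added example that is not part of the original posts and not Astaro/Sophos code. The configuration layout, the addresses and the function names are assumptions made for illustration, and rule matching is simplified to source, service and an "Any" destination.

```python
import ipaddress

# Constructed sample configuration. The addresses and the rule layout are
# assumptions for illustration, not values from the thread or a UTM export.
CONFIG = {
    "masquerade": ["192.168.1.0/24"],  # source networks NATted to the WAN IP
    "packet_filter": [                 # (source, service, destination, action)
        ("192.168.1.0/24", "ANY", "0.0.0.0/0", "allow"),
        ("10.242.4.0/24", "HTTP", "0.0.0.0/0", "allow"),
    ],
    "http_proxy": {"enabled": False, "allowed": []},
}

def covered(net, candidates):
    """True if net lies inside at least one of the candidate networks."""
    net = ipaddress.ip_network(net)
    return any(net.subnet_of(ipaddress.ip_network(c)) for c in candidates)

def diagnose(config, vpn_pool, service="HTTP"):
    """List the reasons clients in vpn_pool cannot reach the internet."""
    problems = []
    # Private pool addresses are not routable, so replies never come back
    # unless the gateway masquerades them behind its public IP.
    if ipaddress.ip_network(vpn_pool).is_private and not covered(
            vpn_pool, config["masquerade"]):
        problems.append("no masquerading rule for the VPN pool")
    allowed = [src for src, svc, dst, action in config["packet_filter"]
               if action == "allow" and svc in (service, "ANY")
               and dst == "0.0.0.0/0"]
    if not covered(vpn_pool, allowed):
        problems.append("no packet filter rule: pool -> %s -> Any" % service)
    proxy = config["http_proxy"]
    if service == "HTTP" and proxy["enabled"] and not covered(
            vpn_pool, proxy["allowed"]):
        problems.append("VPN pool not in the HTTP proxy allowed networks")
    return problems

if __name__ == "__main__":
    for line in diagnose(CONFIG, "10.242.4.0/24") or ["no problems found"]:
        print(line)
```

With the sample configuration the pool has its packet filter rule but no masquerading rule, which matches the symptom described above: internal hosts answer pings, external ones do not.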