This discussion has been locked.

Cisco VPN: unable to browse

Hi All

I've just set up cisco VPN and I am able to connect to my home address. The vpn clients get an ip from the DHCP VPN cisco pool (10.242.5.0/24). I am unable to connect to local resources or browse the internet. Cisco vpn client is allowed under the HTTP proxy, packet filter rules. I have no NAT/Mas in place at the moment for the vpn.

I am however, getting the following on the pf:

2009:08:01-20:44:46 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:00 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:00 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:01 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:12 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:12 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"



Could someone help?

Thanks
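
An added example, not part of the original thread: a short Python script that groups Astaro packet filter drop lines by flow and marks whether the source is in the VPN pool and whether the destination looks like a broadcast address. The sample input is trimmed from the log lines above plus one constructed TCP line; the function names and the `.255` broadcast heuristic are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the pool is the 10.242.5.0/24 range quoted in the post.
VPN_POOL = ipaddress.ip_network("10.242.5.0/24")
FIELD = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}

# Lines 1-2 are trimmed from the post; line 3 is constructed for contrast.
SAMPLE = """\
2009:08:01-20:44:46 stuffman ulogd[3320]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth1" outitf="eth2" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" srcport="137" dstport="137"
2009:08:01-20:45:00 stuffman ulogd[3320]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth1" outitf="eth2" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" srcport="137" dstport="137"
2009:08:01-20:45:20 stuffman ulogd[3320]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth1" outitf="eth2" srcip="10.242.5.1" dstip="192.0.2.10" proto="6" srcport="51000" dstport="80"
"""


def parse_line(line):
    """Return the key="value" fields of one packet filter line as a dict."""
    return dict(FIELD.findall(line))


def summarize_drops(text, pool=VPN_POOL):
    """Count dropped flows and tag each one as broadcast or unicast."""
    flows = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f.get("action") != "drop" or "srcip" not in f or "dstip" not in f:
            continue
        proto = PROTO.get(f.get("proto"), f.get("proto"))
        flows[(f["srcip"], f["dstip"], proto, f.get("dstport"))] += 1
    report = []
    for (src, dst, proto, dport), count in flows.most_common():
        report.append({
            "src": src, "dst": dst, "proto": proto, "dport": dport,
            "count": count,
            "from_vpn_pool": ipaddress.ip_address(src) in pool,
            # Heuristic: the log carries no netmask, so treat x.x.x.255 as broadcast.
            "kind": "broadcast" if dst.endswith(".255") else "unicast",
        })
    return report


if __name__ == "__main__":
    for row in summarize_drops(SAMPLE):
        print(row)
```

Run over the six lines posted above, it reports a single flow: UDP port 137 (NetBIOS name service) broadcasts from 10.242.5.1 to 10.255.255.255, so the excerpt itself shows no dropped unicast traffic.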


  • I'm not sure what you mean by "DHCP VPN cisco pool" - an accidental inclusion of "DHCP" is what I assume.

    In the setup of the Cisco VPN service in the Astaro, be sure to check the box for 'Automatic packet filter rules' and you will be able to add "Internal (Network)" to 'Local Networks'.  That will enable VPN access to local resources.

    To browse the internet, you do need to create a masq rule for the 'VPN Pool (Cisco)'.  It sounds like you already have 'VPN Pool (Cisco)' in 'Allowed networks' for the HTTP proxy.

    Does it work now?

    Cheers - Bob