This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cisco VPN: unable to browse

Hi All

I've just set up cisco VPN and I am able to connect to my home address. The vpn clients get an ip from the DHCP VPN cisco pool (10.242.5.0/24) . I am unable to connect to local resources or browse the internet. Cisco vpn client is allowed under the HTTP proxy, packet filter fules. I have no NAT /Mas in place at the moment for the vpn

I am however, getting the following on the pf:

2009:08:01-20:44:46 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:00 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:00 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:01 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:12 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:01-20:45:12 stuffman ulogd[3320]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

Could someone help?

Thanks

This thread was automatically locked due to age.

Parents

0 wingman over 16 years ago

The only networks I am using are 192.168.2.0/24,172.16.1.0/24 and the cisco vpn 10.242.5.0/24. No matter what I am trying to do I am getting the below (On this instance I've tried to ping a zone 1 host).

2009:08:02-13:47:16 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:16 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="237" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:17 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="211" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="96" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

I've also created an any any allow rule just to confirm that it's the pf that is blocking the vpn client to browse but it's not. Even with having the allow any any rule, I am unable to ping devices/ connect to the internet

Question: Should I create an IPsec connection?

Reply

0 wingman over 16 years ago

2009:08:02-13:47:16 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:16 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="237" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:17 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="211" tos="0x00" prec="0x00" ttl="127" srcport="138" dstport="138" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137" 
2009:08:02-13:47:18 stuffman ulogd[3335]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth2" dstmac="00:b0:c2:02:e4:4f" srcmac="00:b0:c2:02:e3:c7" srcip="10.242.5.1" dstip="10.255.255.255" proto="17" length="96" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

Children

No Data