Cisco VPN / Firewall configuration
G-Love
greg at 20percent.org
Sat Jul 24 22:09:40 UTC 2004
All -
After much consternation, I was successfully able to install the Cisco
3000 series VPN client on my FC2 box, with kernel 2.6.7. I had some
problems connecting at first, but that was fixed with a simple addition
to my iptables config file. Here's my current problem (and seemingly my
last hurdle to getting this to work as I need):
I'm connecting to the VPN server using NAT, as I have a firewall running
on my machine. I can get to all the internal websites with no problem;
however, when I try to ssh to a machine on the internal network, it
simply hangs. When I try to ping the same machine, it times out with
the following message:
PING: unknown host <hostname.myco.com>
Then I did a little experiment. I got the IP address of the machine
that I was attempting to connect to, re-established my VPN connection,
then attempted to ssh to the machine using the IP address. Lo and
behold, it worked, and I was able to verify that I was, in fact,
connected to the machine through my VPN connection (the 3000 series VPN
clients/concentrators allow for split tunnelling).
SO...it seems as though name resolution does not work with the VPN
connection enabled. In fact, I can't see (ssh, ping,...) ANY machines
while the VPN connection is active. I tried pinging cnn.com, and that
resulted in the same "unknown host..." message. I'm a bit of a newbie
to firewall configurations, etc, so any help on getting this to work
would be appreciated. I guess using the IP address is an OK workaround
for now, but I'd rather not rely on this method.
Thanks.
-greg