I am trying to use the Cisco VPN client from a Red Hat Linux 7.2 box attached to the SME v. 5.03 server. According to Cisco, the client needs UDP port 500, UDP port 10,000 (or whatever port is needed for ipsec through NAT) and IP protocol 50 (ESP). Cisco says to look for and delete lines in /etc/sysconfig/ipchains that contain:
-A input -p udp -s 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d
I understand that SME server does not use the /etc/sysconfig/ipchains file but uses the /etc/rc.d/init.d/masq file instead.
I am having a problem with DNS services while the Cisco VPN client is running. I can get DNS when the client is not running, but when it starts, it overwrites resolv.conf with my company's internal DNS server addresses and DNS no longer works.
It seems that ipchains rules are blocking some part of the traffic over the VPN, but I cannot figure out which ipchains rules to add / modify / delete in the masq file.
Thanks for any help.
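As an added example (not part of the original post or of SME server): a POSIX shell audit, using awk, that reads ipchains rules in the form quoted above and reports which "input" rule is the first to match each kind of traffic the Cisco client needs (UDP 500, UDP 10000, IP protocol 50), so a REJECT in the masq script can be spotted before editing anything. The rule text is a constructed sample, not the real /etc/rc.d/init.d/masq; it assumes rules are written as `-A input ...` or `ipchains -A input ...`, and it matches the given port against whichever source or destination port spec a rule carries (exact for IKE, which uses 500 on both ends; an approximation for the NAT-T port, where the client's source port may differ).

```shell
#!/bin/sh
# Constructed sample in the style of the lines quoted in the post; the real
# /etc/rc.d/init.d/masq script will differ (hypothetical input).
SAMPLE_RULES='ipchains -A input -p udp -s 0/0 0:1023 -j REJECT
ipchains -A input -p udp -s 0/0 -d 0/0 10000 -j ACCEPT
ipchains -A input -p tcp -s 0/0 -d 0/0 22 -j ACCEPT'

# first_match RULES PROTO [PORT]
# Print the target of the first "input" chain rule matching PROTO (udp, or a
# protocol number such as 50 for ESP) and, where the rule carries a source or
# destination port spec, PORT; print NONE if no rule matches. ipchains stops
# at the first matching rule, so this is the rule that decides the packet.
first_match() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    {
        s = ($1 == "ipchains") ? 2 : 1
        if ($s != "-A" || $(s+1) != "input") next
        p = ""; target = ""; sport = ""; dport = ""
        for (i = s + 2; i <= NF; i++) {
            if ($i == "-p") p = $(i+1)
            if ($i == "-j") target = $(i+1)
            # a port or lo:hi range may follow the address after -s / -d
            if ($i == "-s" && $(i+2) !~ /^-/) sport = $(i+2)
            if ($i == "-d" && $(i+2) !~ /^-/) dport = $(i+2)
        }
        if (p != proto) next
        if (sport != "" && !inrange(port, sport)) next
        if (dport != "" && !inrange(port, dport)) next
        print target; found = 1; exit
    }
    function inrange(n, spec,   r, k, lo, hi) {
        k = split(spec, r, ":"); lo = r[1] + 0; hi = (k == 2) ? r[2] + 0 : lo
        return (n + 0 >= lo && n + 0 <= hi)
    }
    END { if (!found) print "NONE" }'
}

# Report the deciding rule for each kind of traffic the Cisco client needs.
vpn_report() {
    printf 'IKE   udp/500   -> %s\n' "$(first_match "$1" udp 500)"
    printf 'NAT-T udp/10000 -> %s\n' "$(first_match "$1" udp 10000)"
    printf 'ESP   proto 50  -> %s\n' "$(first_match "$1" 50)"
}

vpn_report "$SAMPLE_RULES"
```

On the sample, IKE is caught by the source-port 0:1023 REJECT, NAT-T is accepted, and ESP has no rule at all, so it falls through to the chain's default policy.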