
Re: [Openvpn-users] openVPN through Cisco firewall!


  • Subject: Re: [Openvpn-users] openVPN through Cisco firewall!
  • From: "Peter Njiiri" <pnjiiri@xxxxxxxxx>
  • Date: Thu, 05 Jul 2007 19:25:34 +0400

Hi
Thanks for the feedback. I need to bypass the firewall as it's blocking the traffic (I think) (as no packets are received on the tun interface of the remote server when I ping 10.30.7.100 from 192.168.1.2). If I try to force the internal traffic by adding a route for the internal network, i.e. 192.168.1.0, through the tunnel, ping doesn't work. Yes, the tunnel is up with no errors; Initialization Sequence is done. Yes, I can ping successfully to 10.8.0.6 (tun interface of the remote server) from 192.168.1.2 and vice versa (when I ping 10.8.0.1 from 10.30.7.100). As said, I want to communicate from 192.168.1.2 to the remote server (10.30.7.100) without passing through NAT (firewall) because the software I'm installing on the remote server requires no NAT communication. Is there a way that this can be done??? Which IP should I assign the software so that it communicates through the tunnel, the physical NIC or the virtual tun one??? Maybe it's the concept I'm missing??
 
Kind Regards
Peter


>>> Erich Titl <erich.titl@xxxxxxxx> 05/07/2007 18:03 >>>
Hi

Peter Njiiri wrote:
...



> The application to be installed on the client server (10.30.7.9)
> requires that no NAT-ing be done thus need the tunnel to work to prevent
> any NAT by the PIX. Is there a route I can add to bypass the firewall?

What for?

> Can an alternative route or iptables rule be added to force all data
> from 192.168.1.2 to 10.30.7.100?? Is there something I've
> missed?? Feedback will be appreciated. Thanks

You did not tell us if the tunnel actually comes up. Once the tunnel is
established you can contact the client through its _tunnel_ interface.

HTH

Erich