Cisco Support Community
New Member

Problem with vpnclient on Redhat Linux 7.2

Hello,

I'm using the vpnclient Version 3.5 under Redhat Linux 7.2 to connect via ISDN to the PIX in my office. On starting the connection I get the following error:

Remote peer is no longer responding.

It looks like the firewall bug, but it isn't. The firewall is disabled:

[root@snoopy benndorf]# chkconfig --list ipchains

ipchains 0:off 1:off 2:off 3:off 4:off 5:off 6:off

[root@snoopy benndorf]# chkconfig --list iptables

iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

On monitoring the TCP traffic to and from the PIX (192.26.179.10) with tcpdump I get the following results:

[root@snoopy benndorf]# tcpdump host 192.26.179.10

tcpdump: listening on ippp0

16:22:09.322072 213.7.166.16.32772 > 192.26.179.10.29746: udp 8 (DF)

16:22:10.419368 213.7.166.16.32774 > 192.26.179.10.29746: udp 8 (DF)

16:22:11.732602 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)

16:22:16.759370 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)

16:22:21.759355 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)

16:22:26.799325 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)

It shows packets going from my computer to the PIX, but nothing comes back. We've also checked the arriving TCP packets at the PIX and none arrive. This seems to occur only when using vpnclient; I can ping the PIX, and an ssh connection to the PIX also leads to arriving TCP packets.

In search of a solution I've already reinstalled RH Linux 7.2 and upgraded the kernel to the 2.4.9-34 version available from RedHat. Nothing seems to help.

Do you have any advice?

Best regards

Kai Benndorf

-----------------------------------------------------------------------------

Dipl.-Inf. Kai Benndorf

Fraunhofer-Institut für Zuverlässigkeit und Mikrointegration IZM

Aussenstelle (Branch Lab) Paderborn PHONE: (++49) 5251 5402-131

Technologiepark 34 (++49) 5261 920832

33100 Paderborn FAX: (++49) 5251 5402-105

Germany E-MAIL: kai.benndorf@pb.izm.fraunhofer.de

URL: http://www.pb.izm.fraunhofer.de/ase

-----------------------------------------------------------------------------
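
An added example (not part of the original posts): a small Python script that reads tcpdump text output in the format of the capture above and reports whether IKE packets sent to the peer were ever answered, and at what intervals they were retransmitted. The function names are assumptions of this example; the sample lines are copied from the capture in the question.

```python
import re

# Sample input: lines copied from the tcpdump capture in the question above.
SAMPLE = """\
tcpdump: listening on ippp0
16:22:09.322072 213.7.166.16.32772 > 192.26.179.10.29746: udp 8 (DF)
16:22:10.419368 213.7.166.16.32774 > 192.26.179.10.29746: udp 8 (DF)
16:22:11.732602 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
16:22:16.759370 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
16:22:21.759355 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
16:22:26.799325 213.7.166.16.isakmp > 192.26.179.10.isakmp: isakmp: phase 1 I agg: [|sa] (DF)
"""

# hh:mm:ss.frac  src.port > dst.port: rest-of-line
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (\S+) > (\S+): (.*)$")
IKE_PORTS = ("isakmp", "500")  # tcpdump prints the service name unless run with -n

def parse(text):
    """Yield (seconds, src_host, src_port, dst_host, dst_port, info) per packet line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner and blank lines
        h, mi, s, src, dst, info = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        # The port is the last dot-separated field of "a.b.c.d.port".
        yield (t, *src.rsplit(".", 1), *dst.rsplit(".", 1), info)

def unanswered_ike(text, peer):
    """Count IKE packets sent to `peer`, replies from it, and retransmit gaps."""
    sent, replies = [], 0
    for t, sh, sp, dh, dp, _info in parse(text):
        if dh == peer and dp in IKE_PORTS:
            sent.append(t)
        elif sh == peer and sp in IKE_PORTS:
            replies += 1
    gaps = [round(b - a, 1) for a, b in zip(sent, sent[1:])]
    return {"sent": len(sent), "replies": replies,
            "retransmit_gaps": gaps, "one_way": bool(sent) and replies == 0}

if __name__ == "__main__":
    print(unanswered_ike(SAMPLE, "192.26.179.10"))
```

Running the same function over a capture taken on the far side, as the first reply suggests, shows whether the packets reach the peer at all.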

Bronze

Re: Problem with vpnclient on Redhat Linux 7.2

Ipchains are off, but make sure iptables aren’t in use; Iptables are the default on the newer kernels now. Short of that, go to the other side and run a sniffer and see if packets are being sent out.

New Member

Re: Problem with vpnclient on Redhat Linux 7.2

The LINUX VPN client does not support synchronous ISDN like I4L.

Try an AVM card with CAPI (asynchronous pppd interface). I use a SuSE distribution and get an error in the system log "unknown MAC header length" if I use ippp.
