Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

x11 or x-windows over Cisco VPN

In my evnrionment, I use Concentrator 3k and Cisco VPN client 3.5.x for VPN connection. My users have problem using x11 from remote workstations (x11-server) to UNIX servers (x11-client) in the inside network. From my sniffer capture and firewall log (CheckPoint FW1), the issue is related to the virtual IP of the workstation assigned to the VPN client and the real/physical IP of the workstation (VPN Client).

First, workstation send XDMCP (udp-177) to the internal server (x11-client) using the VPN ip address. Multiple XDMCP traffic then going back and forth between the workstation and the server. Then, the server (as expect) initiates x11 (tcp 6000) session to the workstation. Yet, this time the server (x11-client) is using the workstation 's physical IP address instead of the VPN 's IP. As the result, the connection can't be established (drop/reject by the workstation).

Would anyone have any suggestions on this issue? FYI, the x-windows product we uses is called "Exceed v6", don't know if this makes a difference.


-Raymond Ng

New Member

Re: x11 or x-windows over Cisco VPN

I would suggest not using X11 by itself. Using an ssh client to connect into the server with X11 forwarding enabled, you should never have to worry about this problem again. It will set the display variable accordingly. Also, it has the added benefit of allowing you to close port 6000 from listening on your servers since all X11 communication is done through the secure tunnel. Once you get it set up, you'll never want to go back.

New Member

Re: x11 or x-windows over Cisco VPN

Thanks, but I am afraid that this is not an option in my environment.


CreatePlease login to create content