In my environment, I use Concentrator 3k and Cisco VPN client 3.5.x for VPN connection. My users have problems using x11 from remote workstations (x11-server) to UNIX servers (x11-client) in the inside network. From my sniffer capture and firewall log (CheckPoint FW1), the issue is related to the virtual IP of the workstation assigned to the VPN client and the real/physical IP of the workstation (VPN Client).
First, the workstation sends XDMCP (udp-177) to the internal server (x11-client) using the VPN IP address. XDMCP traffic then goes back and forth multiple times between the workstation and the server. Then, the server (as expected) initiates an x11 (tcp 6000) session to the workstation. Yet, this time the server (x11-client) is using the workstation's physical IP address instead of the VPN's IP. As a result, the connection can't be established (dropped/rejected by the workstation).
Would anyone have any suggestions on this issue? FYI, the x-windows product we use is called "Exceed v6"; I don't know if this makes a difference.
I would suggest not using X11 by itself. Using an ssh client to connect into the server with X11 forwarding enabled, you should never have to worry about this problem again. It will set the display variable accordingly. Also, it has the added benefit of allowing you to close port 6000 from listening on your servers since all X11 communication is done through the secure tunnel. Once you get it set up, you'll never want to go back.
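A check for the setup this answer recommends, as an added example that is not part of the original thread: it reads an sshd_config for the OpenSSH options `X11Forwarding` and `X11UseLocalhost`, and scans `ss -ltn` output for X11 ports reachable from the network. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a host for the setup the answer describes.

# Effective value of an sshd_config keyword: case-insensitive, first
# occurrence wins. Match blocks and key=value form are not handled here.
sshd_option() {  # usage: sshd_option FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Read `ss -ltn` output on stdin; print listeners on X11 display ports
# (6000 + display number) that are bound to a non-loopback address.
exposed_x11_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 6000 && port <= 6063 && addr !~ /^(127\.|\[::1\])/) print $4
    }'
}

audit_x11() {  # usage: audit_x11 SSHD_CONFIG SS_OUTPUT_FILE
    rc=0
    [ "$(sshd_option "$1" X11Forwarding no)" = yes ] ||
        { echo "X11Forwarding is off: ssh -X cannot set DISPLAY"; rc=1; }
    [ "$(sshd_option "$1" X11UseLocalhost yes)" = yes ] ||
        { echo "forwarded displays are not bound to loopback"; rc=1; }
    exposed=$(exposed_x11_listeners < "$2")
    [ -z "$exposed" ] || { echo "X11 reachable from the network: $exposed"; rc=1; }
    return "$rc"
}

# Constructed sample input (not captured from any real host).
tmp=$(mktemp -d)
printf '%s\n' '# constructed sshd_config' 'X11Forwarding yes' \
    'X11UseLocalhost yes' > "$tmp/sshd_good"
printf '%s\n' 'X11Forwarding no' > "$tmp/sshd_bad"
cat > "$tmp/ss_good" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
EOF
cat > "$tmp/ss_bad" <<'EOF'
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    [::1]:6010         [::]:*
EOF
audit_x11 "$tmp/sshd_good" "$tmp/ss_good" && echo "good host: OK"
audit_x11 "$tmp/sshd_bad" "$tmp/ss_bad" || echo "bad host: findings above"
```

On a live host, point the first argument at the real sshd_config and save `ss -ltn` output to a file for the second.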