> Hello People,
>
> I am trying to get one LAN-computer to access a remote VPN.
>
>
> 10.0.66.x->my-firewall->----internet----<-remote-firewall<-customer-comp-with-officialIP
>
>
> http://www.shorewall.net/ports.htm does suggest to put "IPSEC" at the
> protocol field. though IPSEC is not recognized by /etc/protocols
> nothing bad, just a useless hint as u need to put "ESP" or "AH" there
I don't see what you are talking about. There is one instance of 'IPSEC'
on that page and it is a heading. Under that heading, the text advocates
putting "50" or "51" in the protocol field.
Note that AH cannot be passed through NAT.
>
> this didn't help either:
> ACCEPT loc:10.0.66.x net udp 500
> ACCEPT loc:10.0.66.x net udp 4500
> ACCEPT loc:10.0.66.x net tcp 10000
>
>
> the LAN-PC is some w2k-box with Cisco-VPN-client
> my FW is running debian(Linux version 2.4.20) with shorewall 1.3.11a
>
>
>
>
> what is the problem? is it me?;)
>
Did you look at http://www.shorewall.net/VPN.htm?
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline \ http://www.shorewall.net
Washington, USA \ teastep@shorewall.net