#2 - 19th November 2012
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 7,977

The Cisco VPN client uses IPSec. The protocols used with IPSec are UDP, AH, and ESP. Likely, however, only ESP and UDP will be utilized in this particular VPN solution.

You will need to add a pass inbound for ESP traffic. ESP doesn't use ports, so its syntax will not include port numbers. Passing the traffic inbound and outbound will be required. Your client will initiate the connection, so PF's stateful tracking should route the traffic to your workstation appropriately.

The UDP protocol is used for key exchange and key management. UDP port 500 is the primary port for key exchanges, port 4500 is used for NAT Traversal which may be required -- these should be passed as well, however, stateful processing should manage that if your client initiates the connection.

Your OpenBSD ipsec(4) man page may be helpful to you.

Last edited by jggimi; 19th November 2012 at 06:02 PM. Reason: clarity, simplifying solution
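A minimal pf.conf rule set along the lines of the post above, added here as an example and not part of jggimi's reply; the interface name em0, the macro names and the gateway address 192.0.2.10 are placeholders to be replaced with your own values:

```pf
# Added example: PF rules for an IPSec (Cisco VPN) client on an OpenBSD
# workstation. ext_if, vpn_gw and 192.0.2.10 are assumed placeholder values.
ext_if = "em0"
vpn_gw = "192.0.2.10"

# IKE key exchange (UDP 500) and NAT Traversal (UDP 4500). The client
# initiates, so the state created by this outbound rule admits the replies.
pass out on $ext_if proto udp from ($ext_if) to $vpn_gw port { 500, 4500 } keep state

# ESP carries the tunnelled traffic and has no ports, so no port is given.
# Pass it in both directions; the explicit inbound rule covers ESP packets
# from the gateway that do not match state created in the outbound direction.
pass out on $ext_if proto esp from ($ext_if) to $vpn_gw
pass in  on $ext_if proto esp from $vpn_gw to ($ext_if)
```

Check the rules with `pfctl -nf /etc/pf.conf` before loading them, and watch `tcpdump -ni pflog0` for blocked ESP or UDP 4500 packets if the tunnel comes up but passes no traffic.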