I am connecting to a client's network via the Cisco AnyConnect VPN. I'm quite impressed with the security of the client; it allows the VPN administrator to have a lot of control over how the client can connect.

One problem I was facing, though, is that I couldn't connect to the internet while I was connected to the client's VPN. The VPN changed my default gateway to route everything through the VPN.

Since I don't want my internet traffic going through the VPN, I have to change my default gateway back to my own router (192.168.2.1 in my case). I do that with this command (I'm on a Mac):

```
sudo route change default 192.168.2.1
```

Now I need to add a special routing rule to allow me to connect to the servers I need to get to on the VPN (you may or may not need to do this):

```
sudo route add 192.168.123.0 10.1.1.1
```

Where 10.1.1.1 would be the VPN gateway, and 192.168.123.0 is the network the servers I need to connect to are on.

After doing all this you would think everything would be set up for me to work, but I still couldn't connect to the internet! When I tried to ping Google, this is what I got:

```
ping: sendto: Permission denied
```

After some digging I discovered that the Cisco AnyConnect VPN client was adding rules to my Mac's local firewall (ipfw). You can list the firewall rules using:

```
sudo ipfw -a list
```

One of the lines in there was:

```
01283 deny ip from any to any
```

This basically blocks all internet traffic except what was explicitly specified by the VPN client. You can delete the rule using this command:

```
sudo ipfw delete 01200
```

Where 01200 is the first set of numbers on the line. You may want to add some additional protection back as well; you can do that as you see fit.

The key point of this blog entry, though, is to point out that the firewall was manipulated by the Cisco AnyConnect client, and in order to customize how it works you need to alter the firewall settings each time you connect.

helped but I had to cobble it together with some more info I found elsewhere.
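To see exactly what the VPN client changed in the firewall, compare a listing saved before connecting with one saved after. The helper below is an added example, not code from the original post; its function names and the sample listings are constructed for illustration, and it only reads saved `ipfw -a list` output.

```shell
#!/bin/sh
# Added example: audit saved `ipfw -a list` output (hypothetical helper names).

# Drop the packet/byte counters that -a prints, leaving "NUM action body".
normalize_rules() {
    awk 'NF >= 2 {
        start = 2
        # With -a, fields 2 and 3 are numeric counters.
        if ($2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) start = 4
        line = $1
        for (i = start; i <= NF; i++) line = line " " $i
        print line
    }'
}

# Print rules present in the second listing ($2) but not in the first ($1).
added_rules() {
    before=$(printf '%s\n' "$1" | normalize_rules)
    printf '%s\n' "$2" | normalize_rules | while IFS= read -r rule; do
        printf '%s\n' "$before" | grep -qxF -- "$rule" || printf '%s\n' "$rule"
    done
}

# Print the rule numbers of catch-all deny rules read from stdin.
catch_all_deny() {
    normalize_rules | awk '/^[0-9]+ deny ip from any to any$/ { print $1 }'
}

# Constructed sample listings (not captured from a real system).
BEFORE='65535 0 0 allow ip from any to any'
AFTER='01000 12 3456 allow ip from any to 10.1.1.1
01283 7 588 deny ip from any to any
65535 0 0 allow ip from any to any'

echo "Rules added after connecting:"
added_rules "$BEFORE" "$AFTER"
echo "Catch-all deny rule numbers:"
printf '%s\n' "$AFTER" | catch_all_deny
```

On a real system, save the output of `sudo ipfw -a list` before and after connecting and pass the two listings in place of the samples.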