Cisco VPN Client Readme file
============================

This file describes the contents of the Cisco VPN Client files for the Linux platform.

Refer to the Bug Navigator on Cisco Connection Online for open issues:
http://www.cisco.com/support/bugtools/bugtool.shtml


Revision: Release 4.6.02.0030

Files:    vpnclient-linux-4.6.02.0030-k9.tar.gz

Contents:

  New Features

    Linux Virtual Adapter (please note the example iptables filter at the
    end of this file)

    WARNING: ISDN users should not upgrade to this client version. See
    unresolved issue below.

  Resolved Issues

    CSCdz23397  unity client will not import netscape 7 certificates
    CSCee60154  unity linux e100 driver and eepro incompatibility
    CSCee60160  unity linux tg3 driver incompatibility
    CSCef38768  linux vpnclient badness smp with fc3
    CSCeh21235  unity linux fedora core 3 checksum offloading
    CSCeh40276  adapter host routes point through the va
    CSCsa50543  Compile errors in interceptor.c and interceptor.o for Fedora Core 3

  Unresolved Issues

    CSCeh41571  unity linux isdn over va fails to pass traffic


Revision: Release 4.6 Rel

Files:    vpnclient-linux-4.6.00.0045.Rel-k9.tar.gz

Contents:

  - See Release Notes for Release 4.6 Rel at:
    http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/index.htm


# Firewall configuration written by Cisco Systems
# Designed for the Linux VPN Client 4.6.02.0030 Virtual Adapter
# Blocks ALL traffic on eth0 except for tunneled traffic
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT
# Accept all encrypted VPN Client traffic in either direction on eth0
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT
# Block all other traffic in either direction on eth0
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
COMMIT