Please help. I am running Comodo firewall on my desktop PC. When I VPN from home through our corporate Cisco VPN, I now cannot remote desktop to my desktop system. If I turn Comodo off I can get in just fine. Is there a setting I can make to allow me to both run Comodo and remote desktop into this system?
Your PC is probably assigned a different IP address when connecting via VPN; you may need to create appropriate Network Monitor rules, e.g. a trusted zone for the VPN IP address range.
I did like you wrote but I still have errors like:
Date/Time :2007-09-13 22:52:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Outgoing
Source: 192.168.1.2
Destination: xxx.xxx.xxx.xxx
Protocol : UDP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-09-13 22:52:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Outgoing
Source: 192.168.1.2:4500
Destination: xxx.xxx.xxx.xxx:4500
Reason: UDP packet length and the size on the wire(2440 bytes) do not match
I tried everything (at least I think so ;D).
Do you have any clue what I need to do to resolve this?
By default, CPF blocks fragmented IP packets, and the “Protocol analysis” option is on.
You can disable both of them:
Security → Advanced → Advanced Attack Detection and prevention → Miscellaneous →
uncheck “Block fragmented IP datagrams”, and
uncheck “Do protocol analysis”
UDP 4500 is used by the Cisco VPN client to implement transparent tunneling (or split-tunneling if you will). Transparent tunneling/Split-tunneling is a way to allow some traffic to be encrypted and some not. A minor security risk, but helps to provide more functionality. Just be sure to use the built-in stateful firewall to prevent inbound traffic from getting routed back into your VPN tunnel.
Start the Cisco VPN client and “modify” the connection you normally use. In the transport section you’ll see a check box marked “Enable Transparent Tunneling”. Here you have 2 choices which will basically enable you to employ transparent tunneling on ports UDP 4500 or TCP 10000.
You need to allow the outbound/inbound port you use in CFP, otherwise the tunnel will fail. In your case, the port is UDP 4500. As you use Remote Desktop within the VPN tunnel, you don’t need to worry about opening up additional ports for this unless it connects outside the VPN tunnel.
Hope this helps.
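As an added example (not from this thread, and not Comodo's or Cisco's own code), a small Python script that parses Network Monitor entries laid out like the ones posted above, names which protocol-analysis check fired, and marks whether the blocked packet is the VPN client's transparent-tunnel traffic (UDP 4500 or TCP 10000, as named above), so an allow rule can be scoped to that traffic rather than switching protocol analysis off for everything. The embedded sample log, the field handling and the host-pair correlation for port-less fragments are my assumptions based on the thread's entries.

```python
import re
# Constructed sample: the thread's two entries, one field per line (Severity/Reporter omitted; 'xxx' is the poster's redaction).
SAMPLE_LOG = """\
Date/Time :2007-09-13 22:52:20
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Outgoing
Source: 192.168.1.2
Destination: xxx.xxx.xxx.xxx
Protocol : UDP
Reason: Fragmented IP packets are not allowed
Date/Time :2007-09-13 22:52:20
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Outgoing
Source: 192.168.1.2:4500
Destination: xxx.xxx.xxx.xxx:4500
Reason: UDP packet length and the size on the wire(2440 bytes) do not match
"""
VPN_PORTS = {("UDP", 4500), ("TCP", 10000)}  # Cisco transparent-tunneling ports named in the thread
FIELD_RE = re.compile(r"^\s*([\w/]+)\s*:\s*(.*)$")
def parse_entries(text: str) -> list[dict[str, str]]:
    """One dict per entry; a 'Date/Time' line starts a new entry."""
    entries: list[dict[str, str]] = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Date/Time":
            entries.append({})
        if m and entries:
            entries[-1][m.group(1)] = m.group(2).strip()
    return entries
def endpoint(value: str):
    """'host:port' -> (host, port); a bare host (as logged for an IP fragment) -> (host, None)."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (value, None)
def classify(text: str) -> list[dict[str, object]]:
    """Name the check that fired and flag VPN-tunnel traffic. Fragments carry no
    port, so they are attributed to the tunnel via a ported entry's host pair (assumption)."""
    rows = []
    for e in parse_entries(text):
        proto = (e.get("Protocol") or e.get("Direction", "?")).split()[0].upper()
        src, sport = endpoint(e.get("Source", ""))
        dst, dport = endpoint(e.get("Destination", ""))
        desc = e.get("Description", "")
        check = ("fragmented-ip" if "Fragmented" in desc else
                 "udp-length-mismatch" if "Malformed UDP" in desc else "other")
        vpn = (proto, dport) in VPN_PORTS or (proto, sport) in VPN_PORTS
        rows.append({"check": check, "proto": proto, "src": src, "dst": dst, "vpn": vpn})
    tunnel_hosts = {(r["src"], r["dst"]) for r in rows if r["vpn"]}
    for r in rows:  # port-less entries between the same hosts belong to the tunnel
        r["vpn"] = r["vpn"] or (r["src"], r["dst"]) in tunnel_hosts
    return rows
```

Running `classify(SAMPLE_LOG)` tags the first entry as a fragmented-IP block and the second as a UDP length mismatch, both attributed to the UDP 4500 tunnel.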