05-08-2007 11:35 AM - edited 02-21-2020 03:01 PM
Hi. I'm trying to allow the Cisco VPN client from our company's LAN to reach remote resources.
There is PAT set up on the PIX and I will add the following lines to the ACL on the inside interface to allow access for the client:
permit tcp x.x.x.x y.y.y.y eq 50
permit tcp x.x.x.x y.y.y.y eq 51
permit udp x.x.x.x y.y.y.y eq 500
permit udp x.x.x.x y.y.y.y eq 4500
I haven't done anything like this before so I don't know if this will be enough to allow the client connection to remote resources.
Do I need to do anything else for this to work?
05-08-2007 12:26 PM
That should be good for the local PIX, but make sure NAT traversal is enabled on the remote device.
esp and ah are protocols (50 and 51), not ports.
permit esp x.x.x.x y.y.y.y
permit ah x.x.x.x y.y.y.y
permit udp x.x.x.x y.y.y.y eq 500
permit udp x.x.x.x y.y.y.y eq 4500
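Added example, not part of the thread: a small Python audit that parses simple PIX-style `permit` entries and reports which of the four IPsec passthrough entries (ESP, AH, UDP/500, UDP/4500) are missing, flagging the exact mistake above, where the protocol numbers 50 and 51 were written as TCP ports. The entry format it accepts (`permit <proto> <src> <dst> [eq <port>]`) and the PIX port keywords `isakmp` / `non500-isakmp` are assumptions about the input, not taken from the thread.

```python
import re
from typing import List, Optional, Tuple

# Entries an ACL needs to pass a Cisco VPN client's IPsec tunnel.
# ESP and AH are IP protocols (numbers 50 and 51); ISAKMP and NAT-T are UDP ports.
REQUIRED = {
    ("esp", None): "ESP (IP protocol 50)",
    ("ah", None): "AH (IP protocol 51)",
    ("udp", 500): "ISAKMP (udp/500)",
    ("udp", 4500): "NAT-T (udp/4500)",
}
PROTO_NAMES = {"50": "esp", "51": "ah"}               # numeric protocol -> keyword
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}  # assumed PIX port keywords

# Simple entry form only (as posted in the thread): permit <proto> <src> <dst> [eq <port>]
ACE = re.compile(r"^\s*permit\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+eq\s+(\S+))?\s*$")


def parse_ace(line: str) -> Optional[Tuple[str, object]]:
    """Return (protocol, port) for a simple 'permit' entry, or None if it does not parse."""
    m = ACE.match(line)
    if not m:
        return None
    proto, _src, _dst, port = m.groups()
    proto = PROTO_NAMES.get(proto, proto.lower())
    if port is not None:
        port = PORT_NAMES.get(port.lower(), int(port) if port.isdigit() else port)
    return proto, port


def audit_ipsec_acl(lines: List[str]) -> Tuple[List[str], List[str]]:
    """Return (missing IPsec entries, warnings) for a list of ACL lines."""
    present = set()
    warnings: List[str] = []
    for line in lines:
        parsed = parse_ace(line)
        if parsed is None:
            continue
        proto, port = parsed
        # The mistake from the thread: 50/51 are protocol numbers, not TCP/UDP ports.
        if proto in ("tcp", "udp") and port in (50, 51):
            name = "esp" if port == 50 else "ah"
            warnings.append(f"'{line.strip()}': {port} is IP protocol {name}, "
                            f"not a {proto} port; use 'permit {name} <src> <dst>'")
            continue
        present.add((proto, port))
    missing = [desc for key, desc in REQUIRED.items() if key not in present]
    return missing, warnings
```

Running it over the original four lines reports ESP and AH as missing with two warnings; over the corrected four lines it reports nothing.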
05-08-2007 12:43 PM
Thanks for the correction on the ACL.
The remote PIX isn't under my control so I'll pass that information to the other administrator.
Thanks for the fast reply.