
Cisco VPN client through a PIX Firewall

Unanswered Question
Aug 9th, 2007

Hi, has anyone ever configured a PIX to sit between a local LAN switch and an internet broadband router to basically block all traffic except for outgoing VPN connections, using the Cisco VPN client to a Cisco VPN concentrator from PCs located on the local LAN?


If anyone has got this kind of setup working then it would be useful to get an overview of how; I have searched the net but can't seem to find anything specific to what I'm trying to achieve.


The info I'm interested in is what specific protocols/ports need to be allowed through, any features that need to be enabled on the PIX, etc.


Thanks in advance.

acomiskey Thu, 08/09/2007 - 09:43
User Badges:
  • Green, 3000 points or more

The ipsec vpn ports which would need to be allowed through would be

udp 500
udp 4500
protocol 50 esp


You could simply create an access-list on your inside interface allowing only these ports outbound.


access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside


or more specifically


access-list inside permit udp any host eq 500
access-list inside permit udp any host eq 4500
access-list inside permit esp any host
access-group inside in interface inside
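As an added illustration (not part of acomiskey's reply or any Cisco documentation), the following Python script models how the PIX evaluates the "more specific" ACL above: first matching entry wins, and anything that matches nothing is dropped by the implicit deny at the end of the list. The concentrator address 203.0.113.10, the inside client 192.168.1.20 and the other destinations are constructed placeholder values, since the original post leaves the host address blank. Running it shows that only ISAKMP, NAT-T and ESP to the concentrator get out, while the same ports to any other host, web browsing and DNS are all denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed: the reply's ACL with a documentation placeholder address
# (203.0.113.10) standing in for the concentrator the original left blank.
CONCENTRATOR = "203.0.113.10"
ACL_TEXT = f"""
access-list inside permit udp any host {CONCENTRATOR} eq 500
access-list inside permit udp any host {CONCENTRATOR} eq 4500
access-list inside permit esp any host {CONCENTRATOR}
"""


@dataclass
class Ace:
    """One access-list entry: action, protocol, source, destination, optional dst port."""
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None = no port restriction (or a port-less protocol such as esp)


def _parse_addr(tokens, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D MASK' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # PIX ACLs use a normal subnet mask, not an IOS wildcard mask.
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(text):
    """Parse 'access-list <name> permit|deny <proto> <src> <dst> [eq <port>]' lines."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces, proto, src, dst, dport=None):
    """First-match evaluation; an unmatched packet hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in aces:
        if ace.proto not in (proto, "ip"):
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"  # implicit deny at the end of every PIX access-list


def check_flows():
    """Evaluate a set of constructed outbound flows from an inside PC against the ACL."""
    aces = parse_acl(ACL_TEXT)
    client = "192.168.1.20"  # constructed inside host
    flows = {
        "isakmp to concentrator": ("udp", client, CONCENTRATOR, 500),
        "nat-t to concentrator": ("udp", client, CONCENTRATOR, 4500),
        "esp to concentrator": ("esp", client, CONCENTRATOR, None),
        "isakmp to other host": ("udp", client, "198.51.100.7", 500),
        "web browsing": ("tcp", client, "198.51.100.7", 80),
        "dns": ("udp", client, "198.51.100.53", 53),
    }
    return {name: evaluate(aces, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, verdict in check_flows().items():
        print(f"{name:26s} {verdict}")
```

The model only covers the inbound direction on the inside interface, which is all the reply's `access-group inside in interface inside` filters; replies from the concentrator come back through the firewall's stateful inspection rather than through this list, which is why no return-traffic entries are needed.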
