IPSEC passthrough on ASA5505

lifecareit
Level 1

Trying to set up an ASA 5505 to allow IPsec passthrough for the AT&T Global Network Client VPN.

5 Replies

jeremyault
Level 1

Create an ACL to allow the traffic to pass? Assuming you're using ESP and IKE.

access-list 111 permit esp

access-list 111 permit udp eq isakmp

access-group 111 in interface outside

That will let it pass through un-NATed. If you need to NAT, then you'll need to create a static NAT.

Did that part already...looks like a static nat is in order.

Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.

JORGE RODRIGUEZ
Level 10

These are the IPsec VPN ports that need to be allowed through.

udp 500

udp 4500

protocol 50 esp

Jorge Rodriguez
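
The traffic types named in the replies above (UDP 500, UDP 4500 and ESP), written out as complete ASA access-list entries scoped to a single VPN gateway and client instead of an open permit. This is an added example, not configuration from any poster in the thread; the ACL name OUTSIDE_IN and both addresses are assumed placeholders.

```cisco
! Constructed placeholders (RFC 5737 documentation addresses):
!   203.0.113.10  = remote VPN gateway (assumed)
!   198.51.100.20 = address of the VPN client as the outside ACL sees it (assumed)
! OUTSIDE_IN is a hypothetical ACL name.
access-list OUTSIDE_IN remark IKE (UDP 500) from the VPN gateway
access-list OUTSIDE_IN extended permit udp host 203.0.113.10 host 198.51.100.20 eq isakmp
access-list OUTSIDE_IN remark NAT-T (UDP 4500); change the port if the client uses another
access-list OUTSIDE_IN extended permit udp host 203.0.113.10 host 198.51.100.20 eq 4500
access-list OUTSIDE_IN remark ESP (IP protocol 50)
access-list OUTSIDE_IN extended permit esp host 203.0.113.10 host 198.51.100.20
access-group OUTSIDE_IN in interface outside
!
! Confirm which entries the VPN traffic matches (hit counts per line):
show access-list OUTSIDE_IN
```

An entry whose hit count stays at zero while the client is connecting shows which of the three traffic types is not arriving at the outside interface.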