jeremyault Thu, 08/30/2007 - 08:16

Create an ACL to allow the traffic to pass? Assuming you're using ESP and IKE.

access-list 111 permit esp

access-list 111 permit udp eq isakmp

access-group 111 in interface outside

That will let it pass through un-NATted. If you need to NAT then you'll need to create a static NAT.

lifecareit Thu, 08/30/2007 - 12:49

Did that part already... looks like a static NAT is in order.

jeremyault Sun, 09/02/2007 - 08:56

Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.

JORGE RODRIGUEZ Thu, 08/30/2007 - 13:20

These are the IPsec VPN ports that need to be allowed through.

udp 500

udp 4500

protocol 50 esp
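
Added example, not from any poster in this thread: a Python check that reads PIX-style `access-list` / `access-group` lines and reports which of the items listed above (UDP 500, UDP 4500, ESP) are not permitted inbound on an interface. The sample config and the address 192.0.2.10 are constructed; only `eq` port matches and the `any`, `host A` and `A MASK` address forms are handled.

```python
PORT_NAMES = {"isakmp": 500}                     # keyword used in the thread's ACL
REQUIRED = {"IKE (udp 500)": ("udp", 500),       # the three items listed in the thread
            "NAT-T (udp 4500)": ("udp", 4500),
            "ESP (protocol 50)": ("esp", None)}

def _addr(tok, i):
    """Skip one address spec ('any', 'host A' or 'A MASK'); return the next index."""
    return i + 1 if tok[i] == "any" else i + 2

def _port(tok, i):
    """Read an optional 'eq PORT' at tok[i]; return (port or None, next index)."""
    if i + 1 < len(tok) and tok[i] == "eq":
        p = tok[i + 1]
        return PORT_NAMES.get(p, int(p) if p.isdigit() else -1), i + 2
    return None, i

def permits(config, acl_id):
    """Return (protocol, dest_port) for each complete permit line of one ACL."""
    rules = []
    for line in config.splitlines():
        tok = line.lower().split()
        if tok[:3] != ["access-list", acl_id, "permit"] or len(tok) < 6:
            continue                              # other ACL, deny, or no addresses
        proto = "esp" if tok[3] == "50" else tok[3]
        try:
            sport, i = _port(tok, _addr(tok, 4))
            dport, _ = _port(tok, _addr(tok, i))
        except IndexError:
            continue                              # truncated line
        if sport is None:                         # source-port-limited rules are not counted
            rules.append((proto, dport))
    return rules

def audit(config, interface):
    """List required IPsec items not permitted inbound on the interface."""
    bound = [t[1] for t in (l.lower().split() for l in config.splitlines())
             if len(t) == 5 and t[0] == "access-group" and t[2:] == ["in", "interface", interface]]
    if not bound:
        return list(REQUIRED)                     # no ACL bound inbound: nothing verified
    rules = permits(config, bound[-1])
    return [name for name, (proto, port) in REQUIRED.items()
            if not any(p in (proto, "ip") and (d is None or d == port) for p, d in rules)]

# Constructed sample config; 192.0.2.10 is a documentation address.
SAMPLE = """access-list 111 permit esp any host 192.0.2.10
access-list 111 permit udp any host 192.0.2.10 eq isakmp
access-group 111 in interface outside"""

print(audit(SAMPLE, "outside"))
```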

