VPN Client from inside

Unanswered Question
Sep 17th, 2007

What do I have to configure to let an inside user start a client VPN connection with transport tunneling (IPsec over UDP) through a PIX to another PIX? From outside it is working fine, but from inside transport tunneling is inactive.



JORGE RODRIGUEZ Mon, 09/17/2007 - 09:20

Hi Helmut,

If your users are using the Cisco VPN client, you need to allow the IPsec VPN ports through on your inside interface.

The IPsec VPN ports are:

UDP 500, UDP 4500, and ESP (IP protocol 50)

Create an access list on your inside interface allowing these ports outbound.


access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside


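As an added check (not part of the original reply), the following Python script parses PIX-style access-list lines like the ones above and reports which of the three flows a Cisco VPN client needs (IKE on UDP/500, NAT-T on UDP/4500, and ESP) would not be permitted, using first-match semantics with the implicit deny at the end. The ACL text embedded in it is constructed from the lines posted above; source and destination addresses are not evaluated.

```python
"""Check that a PIX-style ACL permits the flows a Cisco VPN client needs for
IPsec with NAT-T: UDP/500 (IKE), UDP/4500 (NAT-T) and ESP (IP protocol 50).
Added example; the ACL text below is constructed from the lines in the thread."""
import re

# Constructed from the access-list lines posted in the reply above.
ACL_TEXT = """
access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
"""

# Flows the VPN client needs, as (protocol, destination port or None).
REQUIRED_FLOWS = {"IKE": ("udp", 500), "NAT-T": ("udp", 4500), "ESP": ("esp", None)}

# One access-control entry; addresses are captured but not evaluated here.
_ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+(?P<src>any|host \S+|\S+ \S+)\s+(?P<dst>any|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<port>\d+))?\s*$"
)

def parse_acl(text):
    """Return the ACEs as dicts, in the order the device would evaluate them."""
    entries = []
    for line in text.strip().splitlines():
        m = _ACE.match(line.strip())
        if not m:
            raise ValueError("unrecognised ACE: %r" % line)
        entry = m.groupdict()
        entry["port"] = int(entry["port"]) if entry["port"] else None
        entries.append(entry)
    return entries

def first_match(entries, proto, port):
    """First-match semantics: the first ACE covering the flow decides it."""
    for entry in entries:
        if entry["proto"] not in (proto, "ip"):      # 'ip' covers every protocol
            continue
        if entry["port"] is not None and entry["port"] != port:
            continue
        return entry["action"]
    return "deny"   # implicit deny at the end of every PIX access list

def missing_vpn_flows(text):
    """Names of the required VPN flows that the ACL does not permit."""
    entries = parse_acl(text)
    return [name for name, (proto, port) in REQUIRED_FLOWS.items()
            if first_match(entries, proto, port) != "permit"]

if __name__ == "__main__":
    print("missing flows:", missing_vpn_flows(ACL_TEXT))   # -> missing flows: []
```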

isk-admin Mon, 09/17/2007 - 22:35

Yes, I am using the Cisco client. For testing there are no restrictions on outgoing traffic. In the log file of the client I see that no NAT device is recognized. Perhaps this is the reason that transport tunneling is inactive? My problem is that the VPN connection breaks down after an irregular time. I know this problem from when the VPN gateway is not configured with NAT traversal, but it is.

Any ideas?
