09-17-2007 02:18 AM
What do I have to configure to let an inside user start a client VPN connection with transport tunneling (IPsec over UDP) through a PIX to another PIX? From outside it is working fine, but from inside transport tunneling is inactive.
Regards
Helmut
09-17-2007 09:20 AM
Hi Helmut,
If your users are using the Cisco VPN client you need to allow the IPsec VPN ports through on your inside interface.
The IPsec VPN ports are:
UDP 500, UDP 4500, and ESP (IP protocol 50)
Create an access list on your inside interface allowing these ports outbound,
e.g.
access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside
HTH
Jorge
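To check that an existing inside ACL actually covers the three flows Jorge lists (UDP 500, UDP 4500 and ESP) before troubleshooting further, here is a small audit script added to this thread (it is not Cisco code and not from any poster). It parses lines in the classic `access-list NAME [extended] permit|deny PROTO SRC DST [eq PORT]` shape shown above, applies first-match semantics with the implicit deny at the end, and reports which required flows are not permitted. Assumptions: the ACL text is pasted as plain text, the port name `isakmp` is treated as 500 and protocol `50` as `esp`, and source/destination addresses are ignored (the check asks "is the protocol/port permitted for any/any traffic", which is all the example above needs).

```python
"""
Added example (not from the thread): audit a PIX-style access list for the
IPsec/NAT-T flows a Cisco VPN client needs on the inside interface.
"""
import re

# Flows from Jorge's reply: IKE (UDP 500), NAT-T (UDP 4500) and ESP (protocol 50).
REQUIRED_FLOWS = (("udp", 500), ("udp", 4500), ("esp", None))

# Assumed aliases: PIX accepts 'isakmp' for UDP 500 and '50' for ESP.
PORT_NAMES = {"isakmp": 500}
PROTO_NAMES = {"50": "esp"}

# Matches: access-list NAME [extended] permit|deny PROTO SRC DST [eq PORT]
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:extended\s+)?(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<src>any|host\s+\S+|\S+\s+\S+)\s+"
    r"(?P<dst>any|host\s+\S+|\S+\s+\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def parse_acl(config_text):
    """Return a list of dict entries for every access-list line that parses."""
    entries = []
    for raw in config_text.splitlines():
        m = ACL_RE.match(raw.strip())
        if not m:
            continue  # access-group lines, comments, etc. are skipped
        proto = m.group("proto").lower()
        port = m.group("port")
        if port is not None:
            port = port.lower()
            port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
        entries.append({
            "name": m.group("name"),
            "action": m.group("action"),
            "proto": PROTO_NAMES.get(proto, proto),
            "port": port,  # None means "all ports" for that protocol
        })
    return entries


def _entry_covers(entry, proto, port):
    """True if this ACL entry matches the given protocol/port (addresses ignored)."""
    if entry["proto"] == "ip":
        return True  # 'permit ip any any' covers everything
    if entry["proto"] != proto:
        return False
    return port is None or entry["port"] is None or entry["port"] == port


def missing_ipsec_flows(entries, acl_name):
    """Return the required flows that the named ACL does not permit (first match wins)."""
    missing = []
    for proto, port in REQUIRED_FLOWS:
        verdict = "deny"  # implicit deny at the end of every ACL
        for e in entries:
            if e["name"] == acl_name and _entry_covers(e, proto, port):
                verdict = e["action"]
                break
        if verdict != "permit":
            missing.append((proto, port))
    return missing


# Constructed sample configs for demonstration (not from any real device).
SAMPLE_GOOD = """
access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside
"""

SAMPLE_BAD = """
access-list inside permit udp any any eq isakmp
access-list inside deny udp any any
access-list inside permit tcp any any eq 80
access-group inside in interface inside
"""

if __name__ == "__main__":
    for label, cfg in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        gaps = missing_ipsec_flows(parse_acl(cfg), "inside")
        print(label, "-> OK" if not gaps else f"-> missing {gaps}")
```

Running it prints `good -> OK` and, for the second config, reports that UDP 4500 and ESP are not permitted: the `deny udp any any` entry sits before anything that could allow NAT-T, and there is no ESP entry at all, which matches the symptom of a tunnel that negotiates but passes no traffic.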
09-17-2007 10:35 PM
Yes, I am using the Cisco client. For testing there are no restrictions on outgoing traffic. In the log file of the client I see that no NAT device is recognized. Perhaps this is the reason that transport tunneling is inactive? My problem is that the VPN connection breaks down after an irregular time. I know this problem from when the VPN gateway is not configured with NAT traversal, but it is.
Any ideas?
10-02-2007 01:35 PM
If you are using version 7, use "inspect ipsec-pass-thru" in the default policy.
Otherwise use fixup.