VPN Client from inside

isk-admin
Level 1

What have I to configure to let inside user start a client vpn connection with transport tunneling ipsec over udp through pix to another pix? From outside it is working fine but from inside transport tunneling is inactive.

Regards

Helmut

3 Replies

JORGE RODRIGUEZ
Level 10

Hi Helmut,

If your users are using the Cisco VPN client you need to allow the IPsec VPN ports through on your inside interface.

The IPsec VPN ports are:

UDP 500, UDP 4500, and ESP (IP protocol 50)

Create an access list on your inside interface allowing these ports outbound.

e.g.

access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside

HTH

Jorge

Jorge Rodriguez

Yes, I am using the Cisco client. For testing there are no restrictions on outgoing traffic. In the client's log file I see that no NAT device is recognized. Perhaps this is the reason that transport tunneling is inactive? My problem is that the VPN connection breaks down after an irregular time. I know this problem from when the VPN gateway is not configured with NAT traversal, but it is.

Any ideas?

If you are using version 7, add "inspect ipsec-pass-thru" to the default policy.

Otherwise use fixup.
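The "no NAT device is recognized" message comes from the NAT-D exchange in IKE phase 1 (RFC 3947): each peer hashes its own address and port, and the other side recomputes the hash over the source address it actually saw. The following is an added illustration of that check, not code from this thread or from Cisco; the cookies and addresses are constructed sample values.

```python
"""IKEv1 NAT-Traversal detection (RFC 3947 NAT-D payloads), constructed example.

Both peers send NAT-D payloads carrying HASH(CKY-I | CKY-R | IP | Port): one for
the address they believe the peer has, then one per local address. The receiver
recomputes the hash over the source IP/port it observed on the wire; if no
candidate matches, a NAT rewrote the packet and UDP 4500 encapsulation is used.
"""
import hashlib
import ipaddress
import struct
from typing import List


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, algo: str = "sha1") -> bytes:
    """NAT-D hash: HASH(CKY-I | CKY-R | IP | Port), IP packed as 4 or 16 bytes,
    port as a 16-bit big-endian integer (RFC 3947 section 3.2)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()


def nat_detected(cky_i: bytes, cky_r: bytes, peer_nat_d: List[bytes],
                 observed_ip: str, observed_port: int, algo: str = "sha1") -> bool:
    """True when none of the NAT-D hashes the peer sent for its own addresses
    matches the source address/port we observed on the wire."""
    observed = nat_d_hash(cky_i, cky_r, observed_ip, observed_port, algo)
    return observed not in peer_nat_d


def diagnose(client_ip: str, client_port: int, seen_ip: str, seen_port: int) -> str:
    """What the gateway concludes for one client (constructed cookies)."""
    cky_i = bytes.fromhex("0102030405060708")  # constructed initiator cookie
    cky_r = bytes.fromhex("a1a2a3a4a5a6a7a8")  # constructed responder cookie
    client_payloads = [nat_d_hash(cky_i, cky_r, client_ip, client_port)]
    if nat_detected(cky_i, cky_r, client_payloads, seen_ip, seen_port):
        return "NAT detected: switch to UDP 4500 (transparent tunneling active)"
    return "no NAT detected: stay on UDP 500 + ESP (transparent tunneling inactive)"


if __name__ == "__main__":
    # Client behind a NAT: private 192.168.1.10 is seen by the gateway as 203.0.113.5.
    print(diagnose("192.168.1.10", 500, "203.0.113.5", 500))
    # Same client reached without address rewriting (e.g. identity NAT on the PIX).
    print(diagnose("192.168.1.10", 500, "192.168.1.10", 500))
```

When the hashes match, the client stays on UDP 500 plus ESP rather than moving to UDP 4500, so protocol 50 must be permitted end to end for the tunnel to survive.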
