JORGE RODRIGUEZ Mon, 10/01/2007 - 09:43

Keith, you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp.

Create an inbound access list allowing these IPsec ports and apply the ACL to your outbound interface. Are you using the Cisco VPN client on the Windows machine, or are you using PPTP? If using PPTP, you need tcp 1723 and to allow GRE protocol 47.


HTH

Jorge

mikntwd49508 Mon, 10/01/2007 - 10:49

Can you give me an example of what the command parameters might look like?


like: 10 permit udp any any

JORGE RODRIGUEZ Mon, 10/01/2007 - 11:06

You can try:

access-list 101 permit udp any any eq 500 log
access-list 101 permit udp any any eq 4500 log
access-list 101 permit esp any any log
access-list 101 permit tcp any any eq 1723 log
access-list 101 permit gre any any log

Apply ACL 101 to the outbound interface:

access-group 101 in

If you want to be more specific with the ACL, then create one specifying the destination host.
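
An added example, not part of the original posts: a small Python check that compares an ACL against the protocols each VPN type needs (as listed in this thread) and flags permits whose destination is still `any`. The parser handles only the simple rule form used above, and `TIGHT_ACL` with its placeholder address 192.0.2.10 is a constructed sample.

```python
import re

# Protocols/ports each VPN type needs, as listed in the replies above.
REQUIRED = {
    "ipsec": {("udp", "500"), ("udp", "4500"), ("esp", None)},
    "pptp": {("tcp", "1723"), ("gre", None)},
}

# Assumed subset of syntax: "access-list N permit PROTO SRC DST [eq PORT] [log]",
# where SRC and DST are "any" or "host A.B.C.D".
RULE = re.compile(
    r"^access-list\s+\d+\s+permit\s+(?P<proto>\w+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\d+))?(?:\s+log)?$"
)

def parse_acl(text):
    """Return one dict per permit line that matches RULE; skip everything else."""
    lines = map(str.strip, text.splitlines())
    return [m.groupdict() for m in map(RULE.match, lines) if m]

def audit(text, vpn_type):
    """Compare the ACL against what vpn_type needs and flag over-broad rules."""
    rules = parse_acl(text)
    opened = {(r["proto"], r["port"]) for r in rules}
    need = REQUIRED[vpn_type]
    order = lambda t: (t[0], t[1] or "")
    return {
        "missing": sorted(need - opened, key=order),  # required but not permitted
        "extra": sorted(opened - need, key=order),    # permitted but not required
        "any_dst": [r for r in rules if r["dst"] == "any"],  # not tied to a host
    }

# The ACL as posted in the thread.
THREAD_ACL = """
access-list 101 permit udp any any eq 500 log
access-list 101 permit udp any any eq 4500 log
access-list 101 permit esp any any log
access-list 101 permit tcp any any eq 1723 log
access-list 101 permit gre any any log
"""

# Constructed sample: IPsec rules only, limited to one placeholder server address.
TIGHT_ACL = """
access-list 101 permit udp any host 192.0.2.10 eq 500 log
access-list 101 permit udp any host 192.0.2.10 eq 4500 log
access-list 101 permit esp any host 192.0.2.10 log
"""

if __name__ == "__main__":
    for name, acl in (("thread", THREAD_ACL), ("tight", TIGHT_ACL)):
        for vpn in REQUIRED:
            print(name, vpn, audit(acl, vpn))
```

Running the audit for the VPN type actually in use shows which permits can be dropped and which would break the tunnel if removed.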





mikntwd49508 Mon, 10/01/2007 - 10:57

The connection properties are created in Windows. As far as I know, it's supposed to be an L2TP IPsec VPN connection. No Cisco VPN client software is being used.

JORGE RODRIGUEZ Mon, 10/01/2007 - 11:11

OK, then omit udp 500, 4500 and the esp protocol in the above ACL; if the VPN client is the Microsoft version, it is PPTP.

